Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
tightvnc-2.8.59-gpl-setup-64bit.msi

Overview

General Information

Sample name:tightvnc-2.8.59-gpl-setup-64bit.msi
Analysis ID:1577032
MD5:a85259eec8742fdd4acffcdac54cd930
SHA1:696204de2e5688356bc01bae037c3b955432acdd
SHA256:7e80a38c47a1457a35567f30a7ea515248ca391ae3d9deec48b31868af7315b0
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Contains VNC / remote desktop functionality (version string found)
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • msiexec.exe (PID: 7076 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\tightvnc-2.8.59-gpl-setup-64bit.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6928 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3544 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 366735EB6927792E73E79CEA3C194138 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4936 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 839A6BED3B535DDC9F926706BED3D358 MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5136 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 55CD39A3B1CA3F8107A53A082A367601 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2672 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 270EB102D49F2F6F5E31328FD1305FFD E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6196 cmdline: C:\Windows\System32\MsiExec.exe -Embedding ABF620296975EB739497FE4C6133E2DA E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
    • tvnserver.exe (PID: 1956 cmdline: "C:\Program Files\TightVNC\tvnserver.exe" -reinstall -silent MD5: 5D478F94283CD69F4393D8DA703BD442)
    • tvnserver.exe (PID: 1488 cmdline: "C:\Program Files\TightVNC\tvnserver.exe" -start MD5: 5D478F94283CD69F4393D8DA703BD442)
      • tvnserver.exe (PID: 5916 cmdline: "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave MD5: 5D478F94283CD69F4393D8DA703BD442)
    • tvnserver.exe (PID: 8008 cmdline: "C:\Program Files\TightVNC\tvnserver.exe" -checkservicepasswords MD5: 5D478F94283CD69F4393D8DA703BD442)
  • svchost.exe (PID: 6360 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 4612 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6956 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6588 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 1144 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 4264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6664 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • chrome.exe (PID: 6824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1988,i,15112898768309574499,3534838998919070353,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • firefox.exe (PID: 7704 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7724 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7932 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {121b51e2-b642-4d24-96e3-95a44349d53c} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a52d6cb10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7540 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -parentBuildID 20230927232528 -prefsHandle 3964 -prefMapHandle 1548 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ceec4-37c6-4598-bafb-3680f8389ea6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a64bfbe10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3840 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3208 -prefMapHandle 5028 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e912c0c-cb3e-43ad-ac0d-129e9b99bfa6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a71e73710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • tvnserver.exe (PID: 7176 cmdline: "C:\Program Files\TightVNC\tvnserver.exe" -service MD5: 5D478F94283CD69F4393D8DA703BD442)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave, EventID: 13, EventType: SetValue, Image: C:\Program Files\TightVNC\tvnserver.exe, ProcessId: 1956, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvncontrol
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, ProcessId: 6360, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNCJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\LICENSE.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\screenhooks32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\screenhooks64.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\hookldr.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\tvnserver.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\TightVNC Web Site.urlJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\tvnviewer.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\LICENSE.txtJump to behavior
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49793 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49792 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: kbdus.pdb source: firefox.exe, 0000000D.00000003.1575717821.0000022A6279D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: firefox.exe, 0000000D.00000003.1605032679.0000022A6D479000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1594624942.0000022A627C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1596914947.0000022A627D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdbpopup-warning-button source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1580509432.0000022A6D92C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1470357718.0000022A73241000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xul.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winnsi.pdb source: firefox.exe, 0000000D.00000003.1590307562.0000022A6D1FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\setup-helper.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID5F7.tmp.1.dr
Source: Binary string: shell32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\screenhooks64.pdb source: screenhooks64.dll.1.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.1594624942.0000022A627C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1596914947.0000022A627D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000D.00000003.1580760569.0000022A6CEBD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1596008945.0000022A73393000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1596008945.0000022A73393000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\firewall.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr
Source: Binary string: CLBCatQ.pdb@ source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1470357718.0000022A73241000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr
Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\tvnserver.pdb source: tvnserver.exe, 00000016.00000000.1638772032.00007FF70209D000.00000002.00000001.01000000.0000000D.sdmp, tvnserver.exe.1.dr
Source: Binary string: propsys.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.dr
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\tvnviewer.pdb source: tvnviewer.exe.1.dr
Source: Binary string: winmm.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSI4037.tmp.0.dr
Source: Binary string: ole32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 0000000D.00000003.1575717821.0000022A6279D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.dr
Source: Binary string: msasn1.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\Release\screenhooks32.pdb source: screenhooks32.dll.1.dr
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x64\wixca.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID440.tmp.1.dr, MSID008.tmp.1.dr
Source: Binary string: wsock32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: d:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: firefox.exeMemory has grown: Private usage: 1MB later: 280MB
Source: unknownNetwork traffic detected: DNS query count 31
Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 151.101.193.91 151.101.193.91
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.177.21
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.2003331781.0000022A5FD74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000003.1457510581.0000022A71BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1517281221.0000022A71BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1675757140.0000022A71BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1585560163.0000022A71E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1476940176.0000022A72694000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1579011236.0000022A72694000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1556928308.0000022A6D944000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1580760569.0000022A6CEFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1546680419.0000022A6D943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1654625407.0000022A64E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1457510581.0000022A71BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1585560163.0000022A71E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <:*://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <:*://www.youtube.com/*Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1776538550.000034BBB3E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <:www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1476940176.0000022A72694000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1579011236.0000022A72694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1556928308.0000022A6D944000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1580760569.0000022A6CEFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1546680419.0000022A6D943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C378303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C378303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C378303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: resource://activity-stream/aboutwelcome/lib/AboutWelcomeTelemetry.jsmhttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: resource://activity-stream/aboutwelcome/lib/AboutWelcomeTelemetry.jsmhttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000D.00000003.1638468284.0000022A6C8D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: resource://activity-stream/aboutwelcome/lib/AboutWelcomeTelemetry.jsmhttps://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1922891696.0000022A638FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1732786210.0000022A6D94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1776538550.000034BBB3E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1684410653.0000022A64DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1434458261.0000022A638FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1585560163.0000022A71E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1981141526.0000022A6357B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A63552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: www.reddit.com
Source: global trafficDNS traffic detected: DNS query: twitter.com
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 905sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: firefox.exe, 0000000D.00000003.1994587148.0000022A6285A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A627A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1477580188.0000022A627A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1472689774.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A62790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1471426008.0000022A6278A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000D.00000003.2000285909.0000022A60DEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000D.00000003.1890629249.0000022A66942000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A627A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1462758119.0000022A6277A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1477580188.0000022A627A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A62790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1471426008.0000022A6278A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1472689774.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1986226027.0000022A6314F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912491470.0000022A6DCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748657449.0000022A63877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000D.00000003.1854763241.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1672328936.0000022A65E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918261746.0000022A63B69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1715390903.0000022A6CEBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1545570088.0000022A70818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1431614082.0000022A65E6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979200408.0000022A63B69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000D.00000003.1571511298.0000022A6AEF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1683808386.0000022A64E2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000D.00000003.1650698157.0000022A6536A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000D.00000003.1794053818.00003493F6B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1519727258.0000022A6D044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.o
Source: firefox.exe, 0000000D.00000003.1504502797.0000022A6D5F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1499039906.0000022A6D5E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000D.00000003.1783423494.000021BB21F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968992472.00003183BBC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965078071.00003E51AA004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968992472.00003183BBC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965078071.00003E51AA004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0
Source: firefox.exe, 0000000D.00000003.1679144002.0000022A6D249000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1649198009.0000022A65D18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1447065566.0000022A6AD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1448371871.0000022A639CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6AB9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1648145687.0000022A65DAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858240337.0000022A65DAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857201453.0000022A65DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1684410653.0000022A64D63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1447411711.0000022A6AD58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1996375394.0000022A62312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1531619786.0000022A6ACA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1593644127.0000022A6AC4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1510952076.0000022A64722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1380470042.0000022A639DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1379398475.0000022A62289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790183958.0000022A5FB8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1559123296.0000022D0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6AB95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1637991837.0000022A6C8E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000D.00000003.1794053818.00003493F6B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Nn
Source: firefox.exe, 0000000D.00000003.1464336642.0000022A6ABEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1508614551.0000022A6ABF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1794053818.00003493F6B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783423494.000021BB21F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968992472.00003183BBC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965078071.00003E51AA004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/ktop
Source: firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/ktopZ
Source: firefox.exe, 0000000D.00000003.1783423494.000021BB21F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.ox
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A627A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1477580188.0000022A627A3000.00000004.00000020.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0K
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1472689774.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0N
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A62790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1471426008.0000022A6278A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://ocsp.sectigo.com0
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000000D.00000003.1670541782.0000022A669E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1644275140.0000022A669D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000000D.00000003.1670541782.0000022A669E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1644275140.0000022A669D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: http://wixtoolset.org
Source: svchost.exe, 00000004.00000002.1371488297.0000022D7EE13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.com
Source: chromecache_143.11.drString found in binary or memory: http://www.broofa.com
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1472689774.0000022A6279C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000D.00000003.1979940519.0000022A59B14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000D.00000003.1562420643.0000022A7227A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000000D.00000003.1996375394.0000022A62312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1414332362.0000022A64CDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2005886399.0000022A5FD19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1687068932.0000022A64CD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000000D.00000003.1990809802.0000022A62BEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 0000000D.00000003.1414332362.0000022A64CCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xuln
Source: tvnserver.exe, 00000016.00000000.1638772032.00007FF70209D000.00000002.00000001.01000000.0000000D.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, screenhooks32.dll.1.dr, TightVNC Web Site.url.1.drString found in binary or memory: http://www.tightvnc.com/
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.drString found in binary or memory: http://www.tightvnc.com/0
Source: tvnserver.exe, 00000016.00000000.1642870670.00007FF70215C000.00000002.00000001.01000000.0000000D.sdmp, tvnserver.exe.1.drString found in binary or memory: http://www.tightvnc.com/?f=sa&Timed
Source: tvnviewer.exe.1.drString found in binary or memory: http://www.tightvnc.com/?f=va/
Source: tvnserver.exe, 00000016.00000000.1642870670.00007FF70215C000.00000002.00000001.01000000.0000000D.sdmp, tvnserver.exe.1.drString found in binary or memory: http://www.tightvnc.com/licensing/?f=sa
Source: tvnviewer.exe.1.drString found in binary or memory: http://www.tightvnc.com/licensing/?f=va
Source: tvnviewer.exe.1.drString found in binary or memory: http://www.tightvnc.com/licensing/?f=vc5Error
Source: mozilla-temp-41.13.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000D.00000003.1680819508.0000022A6CE18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000D.00000003.1680819508.0000022A6CE18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000003.1430872588.0000022A6D6F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1378136618.0000022A624DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000D.00000003.1724951379.0000022A72513000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000D.00000003.1609432236.0000022A6CA6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000D.00000003.1412797748.0000022A6D1C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: chromecache_140.11.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_140.11.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000285909.0000022A60DBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000D.00000003.1567633689.0000022A70818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1634705046.0000022A70818000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1545570088.0000022A70818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000D.00000003.1981141526.0000022A6357B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1457779546.0000022A6DCF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A63552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: chromecache_143.11.dr, chromecache_140.11.drString found in binary or memory: https://apis.google.com
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000D.00000003.1584556621.0000022A6AAE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800457620.0000022A6C89D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000D.00000003.1678073756.0000022A6D47A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000D.00000003.1855722412.0000022A669B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1680521693.0000022A6CE29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1460992953.0000022A725EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1720977173.0000022A669B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1644275140.0000022A66989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1456080946.0000022A725EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600000.1&cta
Source: firefox.exe, 0000000D.00000003.1457598901.0000022A71BC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000000D.00000003.1452889625.0000022A7242D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1453232124.0000022A72474000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1453232124.0000022A72480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1452594375.0000022A72457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000000D.00000003.1531619786.0000022A6ACA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1453232124.0000022A72480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: chromecache_140.11.drString found in binary or memory: https://clients6.google.com
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000D.00000003.1433600469.0000022A63B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CAEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1726626761.0000022A6CAEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1608376277.0000022A6CAEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1550116886.0000022A6CAEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1799828200.0000022A6CAEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000D.00000003.1915051955.0000022A6D13C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1987591143.0000022A62DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1669649709.0000022A6D13C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1548542111.0000022A6D13B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: chromecache_140.11.drString found in binary or memory: https://content.googleapis.com
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000003.1590307562.0000022A6D1FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1412797748.0000022A6D1EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1548542111.0000022A6D1FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1679579932.0000022A6D1FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1679259379.0000022A6D244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.1899921953.0000022A63BFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000D.00000003.1544003171.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577804043.0000022A708CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1555991919.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A708BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577611925.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1620857737.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1544003171.0000022A708CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371906319.0000022D7EE59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1372098091.0000022D7EE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371947230.0000022D7EE66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370457745.0000022D7EE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000004.00000003.1368743493.0000022D7EE87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371947230.0000022D7EE66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370457745.0000022D7EE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371652740.0000022D7EE2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000004.00000002.1371782819.0000022D7EE3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371947230.0000022D7EE66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000004.00000002.1371825934.0000022D7EE44000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000003.1369826829.0000022D7EE62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: firefox.exe, 0000000D.00000003.1464336642.0000022A6AB9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: chromecache_140.11.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000D.00000003.1569148400.0000022A6D62C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000003.1369826829.0000022D7EE62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000004.00000003.1370195443.0000022D7EE5D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000002.1371906319.0000022D7EE59000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371652740.0000022D7EE2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000010.00000002.2525365405.00000240AEC13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000003.1415816082.0000022A6D05B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 0000000D.00000003.1418155553.0000022A6D5BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1415816082.0000022A6D05B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1422781038.0000022A6D5EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000D.00000003.1555991919.0000022A708FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1798973578.0000022A71B2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.1539160786.0000022A722F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1456080946.0000022A725EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 0000000D.00000003.1745554604.0000022A63B69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 0000000D.00000003.1824505119.0000022A64E8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917012025.0000022A64D32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1824853615.0000022A64D31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1644275140.0000022A66989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1610341843.0000022A6AAD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
Source: chromecache_143.11.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_143.11.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_143.11.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_143.11.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000010.00000002.2525365405.00000240AEC13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1652490025.0000022A64EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842093439.0000022A64EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C37832F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000000D.00000003.1412797748.0000022A6D1C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 0000000D.00000003.1405339447.0000022A6CDEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000D.00000003.1405339447.0000022A6CDEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000D.00000003.1747791164.0000022A638A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1557655986.0000022A6AAB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854763241.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000D.00000003.1545570088.0000022A70849000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: prefs-1.js.13.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLXfQbX4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000D.00000003.1657570525.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1734807242.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1638468284.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AECF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000D.00000003.1590602682.0000022A6C8E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/edc160e1-2ec7-48fe-8c92-eb16d
Source: firefox.exe, 0000000D.00000003.1621773125.0000022A6AA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800964307.0000022A6AA24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/2b2f015b-eb4f-4ce4
Source: firefox.exe, 0000000D.00000003.1800964307.0000022A6AA26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1621773125.0000022A6AA23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/6b0c4ea8-2609-4036
Source: firefox.exe, 0000000D.00000003.1800964307.0000022A6AA26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1621773125.0000022A6AA23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/eab10578-d630-4138
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit2
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000D.00000003.1569148400.0000022A6D62C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 0000000D.00000003.1749465810.0000022A631E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1985207254.0000022A631E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1415211083.0000022A63BF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000D.00000003.1433600469.0000022A63B69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000000D.00000003.1550116886.0000022A6CA6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000D.00000003.1544003171.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1555991919.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577611925.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1620857737.0000022A708DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000D.00000003.1510952076.0000022A6477C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 0000000D.00000003.1510952076.0000022A6477C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 0000000D.00000003.1510952076.0000022A6477C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000010.00000002.2525365405.00000240AEC90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1466161823.0000022A62777000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000D.00000003.1510952076.0000022A6477C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 0000000D.00000003.1845415220.0000022A64679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: chromecache_143.11.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: chromecache_140.11.drString found in binary or memory: https://plus.google.com
Source: chromecache_140.11.drString found in binary or memory: https://plus.googleapis.com
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000D.00000003.2002886230.0000022A60D0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000000D.00000003.1724951379.0000022A72513000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1585560163.0000022A71E79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.1824505119.0000022A64E8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000D.00000003.1994587148.0000022A6285A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000003.1610341843.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1557655986.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000D.00000003.1604175368.0000022A70894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1544567434.0000022A70894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1556445766.0000022A70894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A70896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000003.1557655986.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1610341843.0000022A6AAD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000003.2003331781.0000022A5FD9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1557655986.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1610341843.0000022A6AAD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1996236426.0000022A62842000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994587148.0000022A6285A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000D.00000003.1464336642.0000022A6AB9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drString found in binary or memory: https://sectigo.com/CPS0
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000D.00000003.1548542111.0000022A6D16F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000D.00000003.1855150208.0000022A6AA76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000D.00000003.1518777996.0000022A71BB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567762854.0000022A6DCFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1546498675.0000022A6DCFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000003.1544003171.0000022A708DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000003.1989089459.0000022A62D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000D.00000003.1989089459.0000022A62D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000D.00000003.1569148400.0000022A6D628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1668924614.0000022A6D265000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000010.00000002.2525365405.00000240AEC13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000D.00000003.1673066845.0000022A65E08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000D.00000003.1657570525.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1734807242.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1638468284.0000022A6C8B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AECF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000D.00000003.1457779546.0000022A6DCF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000D.00000003.1981141526.0000022A6357B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1457779546.0000022A6DCF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A63552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1987346613.0000022A63114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000D.00000003.1432447087.0000022A64EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1580760569.0000022A6CEBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1673777638.0000022A64EDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1413191476.0000022A64EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1652490025.0000022A64ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1821785761.0000022A64EDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1799505886.0000022A6CEBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2002886230.0000022A60D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1715390903.0000022A6CEBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1860654561.0000022A64EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1977966446.0000022A6CEBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000D.00000003.1545570088.0000022A70820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567489033.0000022A70822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000D.00000003.1800964307.0000022A6AA26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1622474867.0000022A65E34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1824353942.0000022A64E99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822436180.0000022A64EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1621773125.0000022A6AA23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567997905.0000022A6DCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825532220.0000022A64CBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1652490025.0000022A64EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842093439.0000022A64EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000D.00000003.1756767325.0000022A65F28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000D.00000003.1650698157.0000022A6539D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000D.00000003.1518777996.0000022A71BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 0000000D.00000003.1715390903.0000022A6CE67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.oGUCFCdKfd-E
Source: svchost.exe, 00000004.00000003.1370557168.0000022D7EE4B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dyn
Source: svchost.exe, 00000004.00000003.1370635346.0000022D7EE32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.til
Source: svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000004.00000003.1370635346.0000022D7EE32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs
Source: svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000002.1371906319.0000022D7EE59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000002.1371652740.0000022D7EE2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000004.00000003.1369497713.0000022D7EE6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371906319.0000022D7EE59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000D.00000003.1569148400.0000022A6D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: chromecache_140.11.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
Source: firefox.exe, 0000000D.00000003.1439606379.0000022A6AD88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1557655986.0000022A6AAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000000D.00000003.1471426008.0000022A62795000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6278C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1475184236.0000022A6277E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1472689774.0000022A6279C000.00000004.00000020.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000D.00000003.1430872588.0000022A6D6F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000000D.00000003.1582332618.0000022A6CE12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000D.00000003.1404983336.0000022A6CFBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000D.00000003.1551608434.0000022A6C8EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000D.00000003.1550116886.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000D.00000003.1461146757.0000022A725B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: chromecache_140.11.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_140.11.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: chromecache_143.11.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_143.11.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_143.11.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000000D.00000003.1557655986.0000022A6AAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000D.00000003.2003331781.0000022A5FDF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1433600469.0000022A63B73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000003.1430872588.0000022A6D6F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1431041202.0000022A6D6D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000003.1518777996.0000022A71BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
Source: firefox.exe, 0000000D.00000003.1418155553.0000022A6D5BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1415816082.0000022A6D05B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1422781038.0000022A6D5EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000D.00000003.1518777996.0000022A71BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
Source: firefox.exe, 0000000D.00000003.1545570088.0000022A70820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567489033.0000022A70822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000D.00000003.1748657449.0000022A63877000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000D.00000003.1776538550.000034BBB3E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 0000000D.00000003.1545570088.0000022A70820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567489033.0000022A70822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000003.1518777996.0000022A71B83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1518777996.0000022A71B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1989089459.0000022A62D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000010.00000002.2525365405.00000240AECF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000F.00000002.2520436170.000001C3783C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/N:
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/O
Source: firefox.exe, 0000000D.00000003.1456080946.0000022A725DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000D.00000003.2005886399.0000022A5FD19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgglean_internal_info#csv-import-release-rollout#experiment
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
Source: firefox.exe, 0000000D.00000003.1569148400.0000022A6D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 0000000D.00000003.1780064164.0000041EB3404000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1457510581.0000022A71BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1517281221.0000022A71BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1675757140.0000022A71BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C378303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49793 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49792 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A53D37 NtQuerySystemInformation,15_2_000001C378A53D37
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A725F2 NtQuerySystemInformation,15_2_000001C378A725F2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ecb51.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICD93.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICDA4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF4A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFD8.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID008.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1ED.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.icoJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\viewer.icoJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID440.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ecb53.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ecb53.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5F7.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSICDA4.tmpJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A53D3715_2_000001C378A53D37
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A725F215_2_000001C378A725F2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A7263215_2_000001C378A72632
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A72D1C15_2_000001C378A72D1C
Source: tightvnc-2.8.59-gpl-setup-64bit.msiBinary or memory string: OriginalFilenamewixca.dll\ vs tightvnc-2.8.59-gpl-setup-64bit.msi
Source: tightvnc-2.8.59-gpl-setup-64bit.msiBinary or memory string: OriginalFilenamefirewall.dll\ vs tightvnc-2.8.59-gpl-setup-64bit.msi
Source: tightvnc-2.8.59-gpl-setup-64bit.msiBinary or memory string: OriginalFilenameuica.dll\ vs tightvnc-2.8.59-gpl-setup-64bit.msi
Source: tightvnc-2.8.59-gpl-setup-64bit.msiBinary or memory string: OriginalFilenamesetup-helper.dll2 vs tightvnc-2.8.59-gpl-setup-64bit.msi
Source: classification engineClassification label: mal48.troj.evad.winMSI@60/96@69/16
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNCJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeMutant created: \Sessions\1\BaseNamedObjects\Local\tvnserverServiceControlSlave
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4264:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI4037.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: firefox.exe, 0000000D.00000003.1538619556.0000022A72570000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1559736735.0000022A72571000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1481118295.0000022A72570000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000D.00000003.1559674183.0000022A725FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747791164.0000022A638A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1460885279.0000022A725FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1456080946.0000022A725FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1480100711.0000022A725FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000D.00000003.1674300819.0000022A72559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: tightvnc-2.8.59-gpl-setup-64bit.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\tightvnc-2.8.59-gpl-setup-64bit.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 366735EB6927792E73E79CEA3C194138 C
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1988,i,15112898768309574499,3534838998919070353,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {121b51e2-b642-4d24-96e3-95a44349d53c} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a52d6cb10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -parentBuildID 20230927232528 -prefsHandle 3964 -prefMapHandle 1548 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ceec4-37c6-4598-bafb-3680f8389ea6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a64bfbe10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3208 -prefMapHandle 5028 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e912c0c-cb3e-43ad-ac0d-129e9b99bfa6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a71e73710 utility
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 839A6BED3B535DDC9F926706BED3D358
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 55CD39A3B1CA3F8107A53A082A367601
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 270EB102D49F2F6F5E31328FD1305FFD E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding ABF620296975EB739497FE4C6133E2DA E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -reinstall -silent
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -start
Source: unknownProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -service
Source: C:\Program Files\TightVNC\tvnserver.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -checkservicepasswords
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 366735EB6927792E73E79CEA3C194138 CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 839A6BED3B535DDC9F926706BED3D358Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 55CD39A3B1CA3F8107A53A082A367601Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 270EB102D49F2F6F5E31328FD1305FFD E Global\MSI0000Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding ABF620296975EB739497FE4C6133E2DA E Global\MSI0000Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -reinstall -silentJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -startJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -checkservicepasswordsJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1988,i,15112898768309574499,3534838998919070353,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {121b51e2-b642-4d24-96e3-95a44349d53c} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a52d6cb10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -parentBuildID 20230927232528 -prefsHandle 3964 -prefMapHandle 1548 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ceec4-37c6-4598-bafb-3680f8389ea6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a64bfbe10 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3208 -prefMapHandle 5028 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e912c0c-cb3e-43ad-ac0d-129e9b99bfa6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a71e73710 utilityJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slaveJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: winmm.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: version.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: ntmarta.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: windows.storage.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wldp.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: profapi.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: uxtheme.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: textshaping.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: textinputframework.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: coremessaging.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wintypes.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wintypes.dll
Source: C:\Program Files\TightVNC\tvnserver.exeSection loaded: wintypes.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
Source: Visit TightVNC Web Site.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\TightVNC\TightVNC Web Site.url
Source: TightVNC Viewer.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\TightVNC\tvnviewer.exe
Source: Run TightVNC Server.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: TightVNC Server - Control Interface.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: TightVNC Server - Offline Configuration.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: Register TightVNC Service.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: Start TightVNC Service.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: Stop TightVNC Service.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: TightVNC Service - Control Interface.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: TightVNC Service - Offline Configuration.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: Unregister TightVNC Service.lnk.1.drLNK file: ..\..\..\..\..\..\..\Program Files\TightVNC\tvnserver.exe
Source: Google Drive.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\TightVNC\tvnserver.exeWindow detected: Number of UI elements: 13
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNCJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\LICENSE.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\screenhooks32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\screenhooks64.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\hookldr.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\tvnserver.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\TightVNC Web Site.urlJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\TightVNC\tvnviewer.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}Jump to behavior
Source: tightvnc-2.8.59-gpl-setup-64bit.msiStatic file information: File size 2486272 > 1048576
Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: kbdus.pdb source: firefox.exe, 0000000D.00000003.1575717821.0000022A6279D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: firefox.exe, 0000000D.00000003.1605032679.0000022A6D479000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1594624942.0000022A627C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1596914947.0000022A627D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdbpopup-warning-button source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1580509432.0000022A6D92C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1470357718.0000022A73241000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xul.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winnsi.pdb source: firefox.exe, 0000000D.00000003.1590307562.0000022A6D1FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000D.00000003.1577373469.0000022A708F5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\setup-helper.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID5F7.tmp.1.dr
Source: Binary string: shell32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\screenhooks64.pdb source: screenhooks64.dll.1.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.1594624942.0000022A627C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1596914947.0000022A627D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000D.00000003.1580760569.0000022A6CEBD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1596008945.0000022A73393000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1596008945.0000022A73393000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\firewall.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr
Source: Binary string: CLBCatQ.pdb@ source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1470357718.0000022A73241000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr
Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\tvnserver.pdb source: tvnserver.exe, 00000016.00000000.1638772032.00007FF70209D000.00000002.00000001.01000000.0000000D.sdmp, tvnserver.exe.1.dr
Source: Binary string: propsys.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.dr
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\x64\Release\tvnviewer.pdb source: tvnviewer.exe.1.dr
Source: Binary string: winmm.pdb source: firefox.exe, 0000000D.00000003.1608376277.0000022A6CA8B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, MSI4037.tmp.0.dr
Source: Binary string: ole32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 0000000D.00000003.1575717821.0000022A6279D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.dr
Source: Binary string: msasn1.pdb source: firefox.exe, 0000000D.00000003.1584309520.0000022A6AEEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Y:\build\tightvnc-2.8.59-gpl\Release\screenhooks32.pdb source: screenhooks32.dll.1.dr
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1604248362.0000022A627CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000D.00000003.1577937780.0000022A708BB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x64\wixca.pdb source: tightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID440.tmp.1.dr, MSID008.tmp.1.dr
Source: Binary string: wsock32.pdb source: firefox.exe, 0000000D.00000003.1610698167.0000022A6AAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmp
Source: screenhooks32.dll.1.drStatic PE information: section name: .shared
Source: screenhooks64.dll.1.drStatic PE information: section name: .shared
Source: gmpopenh264.dll.tmp.13.drStatic PE information: section name: .rodata
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID440.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\screenhooks64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\screenhooks32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI4037.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\tvnserver.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFD8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID008.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\tvnviewer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF4A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\hookldr.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1ED.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5F7.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICDA4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID440.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFD8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID008.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF4A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1ED.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5F7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICDA4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\TightVNC\LICENSE.txtJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\tvnserverJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNCJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\Visit TightVNC Web Site.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Viewer.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\Run TightVNC Server.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\TightVNC Server - Control Interface.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\TightVNC Server - Offline Configuration.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Register TightVNC Service.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Start TightVNC Service.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Stop TightVNC Service.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\TightVNC Service - Control Interface.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\TightVNC Service - Offline Configuration.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Unregister TightVNC Service.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tvncontrolJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tvncontrolJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A53D37 rdtsc 15_2_000001C378A53D37
Source: C:\Program Files\TightVNC\tvnserver.exeWindow / User API: threadDelayed 655Jump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeWindow / User API: threadDelayed 882Jump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeWindow / User API: threadDelayed 425Jump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeWindow / User API: threadDelayed 7507Jump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID440.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\TightVNC\screenhooks64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\TightVNC\screenhooks32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICFD8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID008.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI4037.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\TightVNC\tvnviewer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICF4A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\TightVNC\hookldr.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID1ED.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID5F7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICDA4.tmpJump to dropped file
Source: C:\Program Files\TightVNC\tvnserver.exe TID: 7216Thread sleep count: 655 > 30Jump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exe TID: 7216Thread sleep time: -32750s >= -30000sJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exe TID: 6320Thread sleep time: -44100s >= -30000sJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exe TID: 6300Thread sleep time: -212500s >= -30000sJump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exe TID: 6300Thread sleep time: -3753500s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Program Files\TightVNC\tvnserver.exeLast function: Thread delayed
Source: C:\Program Files\TightVNC\tvnserver.exeLast function: Thread delayed
Source: C:\Program Files\TightVNC\tvnserver.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
Source: firefox.exe, 0000000E.00000002.2536492675.0000010569200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7z
Source: firefox.exe, 0000000F.00000002.2533971350.000001C378952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
Source: svchost.exe, 00000006.00000002.2516319074.000001CD25864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000006.00000002.2510888878.000001CD25827000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: svchost.exe, 00000006.00000002.2516319074.000001CD25882000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000006.00000002.2510888878.000001CD25827000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 0000000E.00000002.2536492675.0000010569200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW/
Source: tvnserver.exe, 00000018.00000002.2503252023.0000000000B4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: firefox.exe, 0000000F.00000002.2533971350.000001C378952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs
Source: firefox.exe, 0000000E.00000002.2536492675.0000010569200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
Source: firefox.exe, 0000000E.00000002.2515124121.0000010568CCA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2511767642.000001C3780BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2511700859.00000240AE90A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2534866571.00000240AED00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000006.00000002.2506410923.000001CD25802000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: firefox.exe, 0000000E.00000002.2534857573.0000010569122000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000F.00000002.2533971350.000001C378952000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
Source: svchost.exe, 00000006.00000002.2520492277.000001CD25902000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000006.00000002.2516319074.000001CD25864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 00000006.00000002.2516319074.000001CD25864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 0000000E.00000002.2536492675.0000010569200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: svchost.exe, 00000006.00000002.2516319074.000001CD25864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 0000000F.00000002.2533971350.000001C378952000.00000004.00000020.00020000.00000000.sdmp, tvnserver.exe, 00000019.00000002.2503318668.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, tvnserver.exe, 0000001A.00000002.2504981455.00000000007B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 15_2_000001C378A53D37 rdtsc 15_2_000001C378A53D37
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -reinstall -silentJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -startJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\TightVNC\tvnserver.exe "C:\Program Files\TightVNC\tvnserver.exe" -checkservicepasswordsJump to behavior
Source: firefox.exe, 0000000D.00000003.1483911414.0000022A73241000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
Source: svchost.exe, 00000007.00000002.2522418412.000002266BB02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000007.00000002.2522418412.000002266BB02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 BlobJump to behavior
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Remote Access Functionality

barindex
Contains VNC / remote desktop functionality (version string found)
Source: tvnserver.exe, 00000016.00000000.1638772032.00007FF70209D000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: RFB 003.008
Source: tvnserver.exe.1.drString found in binary or memory: RFB 003.008

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Windows Management Instrumentation		11
Windows Service		11
Windows Service		23
Masquerading		OS Credential Dumping51
Security Software Discovery		1
Remote Desktop Protocol		1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job11
Registry Run Keys / Startup Folder		12
Process Injection		3
Virtualization/Sandbox Evasion		LSASS Memory3
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Remote Access Software		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		11
Registry Run Keys / Startup Folder		11
Disable or Modify Tools		Security Account Manager2
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		12
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture3
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
Extra Window Memory Injection		1
DLL Side-Loading		LSA Secrets11
Peripheral Device Discovery		SSHKeylogging4
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
File Deletion		Cached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Extra Window Memory Injection		DCSync22
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1577032 Sample: tightvnc-2.8.59-gpl-setup-6... Startdate: 17/12/2024 Architecture: WINDOWS Score: 48 64 youtube-ui.l.google.com 2->64 66 www.youtube.com 2->66 68 30 other IPs or domains 2->68 82 Contains VNC / remote desktop functionality (version string found) 2->82 8 msiexec.exe 103 59 2->8         started        11 svchost.exe 2->11         started        14 firefox.exe 1 2->14         started        16 7 other processes 2->16 signatures3 process4 dnsIp5 46 C:\Windows\Installer\MSID5F7.tmp, PE32+ 8->46 dropped 48 C:\Windows\Installer\MSID440.tmp, PE32+ 8->48 dropped 50 C:\Windows\Installer\MSID1ED.tmp, PE32 8->50 dropped 54 9 other files (none is malicious) 8->54 dropped 19 tvnserver.exe 1 8->19         started        22 tvnserver.exe 8->22         started        24 msiexec.exe 8->24         started        34 5 other processes 8->34 86 Changes security center settings (notifications, updates, antivirus, firewall) 11->86 26 MpCmdRun.exe 11->26         started        28 firefox.exe 2 237 14->28         started        60 192.168.2.16, 138, 443, 49210 unknown unknown 16->60 62 239.255.255.250 unknown Reserved 16->62 52 C:\Users\user\AppData\Local\...\MSI4037.tmp, PE32 16->52 dropped 32 chrome.exe 16->32         started        file6 signatures7 process8 dnsIp9 84 Contains VNC / remote desktop functionality (version string found) 19->84 36 tvnserver.exe 22->36         started        38 conhost.exe 26->38         started        70 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49740, 49747, 49748 GOOGLEUS United States 28->70 72 push.services.mozilla.com 34.107.243.93, 443, 49757, 49770 GOOGLEUS United States 28->72 78 9 other IPs or domains 28->78 56 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 28->56 dropped 58 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 28->58 dropped 40 firefox.exe 1 28->40         started        42 firefox.exe 1 28->42         started        44 firefox.exe 1 28->44         started        74 plus.l.google.com 142.250.181.78, 443, 49738 GOOGLEUS United States 32->74 76 play.google.com 172.217.19.206, 443, 49739, 49751 GOOGLEUS United States 32->76 80 2 other IPs or domains 32->80 file10 signatures11 process12

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
tightvnc-2.8.59-gpl-setup-64bit.msi0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\TightVNC\hookldr.exe0%ReversingLabs
C:\Program Files\TightVNC\screenhooks32.dll0%ReversingLabs
C:\Program Files\TightVNC\screenhooks64.dll0%ReversingLabs
C:\Program Files\TightVNC\tvnserver.exe0%ReversingLabs
C:\Program Files\TightVNC\tvnviewer.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI4037.tmp0%ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs
C:\Windows\Installer\MSICDA4.tmp0%ReversingLabs
C:\Windows\Installer\MSICF4A.tmp0%ReversingLabs
C:\Windows\Installer\MSICFD8.tmp0%ReversingLabs
C:\Windows\Installer\MSID008.tmp0%ReversingLabs
C:\Windows\Installer\MSID1ED.tmp0%ReversingLabs
C:\Windows\Installer\MSID440.tmp0%ReversingLabs
C:\Windows\Installer\MSID5F7.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=16965812014006000%Avira URL Cloudsafe
https://t0.ssl.ak.dynamic.til0%Avira URL Cloudsafe
https://dynamic.t0%Avira URL Cloudsafe
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
star-mini.c10r.facebook.com
157.240.196.35
truefalse
    		high
    example.org
    		93.184.215.14
    		truefalse
      		high
      prod.classify-client.prod.webservices.mozgcp.net
      		35.190.72.216
      		truefalse
        		high
        prod.balrog.prod.cloudops.mozgcp.net
        		35.244.181.201
        		truefalse
          		high
          twitter.com
          		104.244.42.129
          		truefalse
            		high
            prod.detectportal.prod.cloudops.mozgcp.net
            		34.107.221.82
            		truefalse
              		high
              services.addons.mozilla.org
              		151.101.193.91
              		truefalse
                		high
                plus.l.google.com
                		142.250.181.78
                		truefalse
                  		high
                  dyna.wikimedia.org
                  		185.15.58.224
                  		truefalse
                    		high
                    prod.remote-settings.prod.webservices.mozgcp.net
                    		34.149.100.209
                    		truefalse
                      		high
                      contile.services.mozilla.com
                      		34.117.188.166
                      		truefalse
                        		high
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        		34.160.144.191
                        		truefalse
                          		high
                          youtube-ui.l.google.com
                          		142.250.181.46
                          		truefalse
                            		high
                            play.google.com
                            		172.217.19.206
                            		truefalse
                              		high
                              reddit.map.fastly.net
                              		151.101.65.140
                              		truefalse
                                		high
                                ipv4only.arpa
                                		192.0.0.170
                                		truefalse
                                  		high
                                  prod.ads.prod.webservices.mozgcp.net
                                  		34.117.188.166
                                  		truefalse
                                    		high
                                    push.services.mozilla.com
                                    		34.107.243.93
                                    		truefalse
                                      		high
                                      www.google.com
                                      		172.217.19.228
                                      		truefalse
                                        		high
                                        normandy-cdn.services.mozilla.com
                                        		35.201.103.21
                                        		truefalse
                                          		high
                                          telemetry-incoming.r53-2.services.mozilla.com
                                          		34.120.208.123
                                          		truefalse
                                            		high
                                            www.reddit.com
                                            		unknown
                                            		unknownfalse
                                              		high
                                              spocs.getpocket.com
                                              		unknown
                                              		unknownfalse
                                                		high
                                                content-signature-2.cdn.mozilla.net
                                                		unknown
                                                		unknownfalse
                                                  		high
                                                  firefox.settings.services.mozilla.com
                                                  		unknown
                                                  		unknownfalse
                                                    		high
                                                    www.youtube.com
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      www.facebook.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        detectportal.firefox.com
                                                        		unknown
                                                        		unknownfalse
                                                          		high
                                                          normandy.cdn.mozilla.net
                                                          		unknown
                                                          		unknownfalse
                                                            		high
                                                            shavar.services.mozilla.com
                                                            		unknown
                                                            		unknownfalse
                                                              		high
                                                              apis.google.com
                                                              		unknown
                                                              		unknownfalse
                                                                		high
                                                                www.wikipedia.org
                                                                		unknown
                                                                		unknownfalse
                                                                  		high

                                                                  URLs from Memory and Binaries

                                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4firefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://detectportal.firefox.com/firefox.exe, 0000000D.00000003.1854763241.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.tightvnc.com/tvnserver.exe, 00000016.00000000.1638772032.00007FF70209D000.00000002.00000001.01000000.0000000D.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, screenhooks32.dll.1.dr, TightVNC Web Site.url.1.drfalse
                                                                            		high
                                                                            https://dev.ditu.live.com/REST/v1/Traffic/Incidents/svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                		high
                                                                                https://datastudio.google.com/embed/reporting/firefox.exe, 0000000D.00000003.1544003171.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577804043.0000022A708CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1555991919.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A708BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1563132648.0000022A708DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1577611925.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1620857737.0000022A708DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1544003171.0000022A708CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.mozilla.com0firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drfalse
                                                                                    		high
                                                                                    https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000010.00000002.2525365405.00000240AEC90000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://json-schema.org/draft/2019-09/schema.firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fontbureau.com/designersfirefox.exe, 0000000D.00000003.1979940519.0000022A59B14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://mozilla.org/Nnfirefox.exe, 0000000D.00000003.1794053818.00003493F6B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.leboncoin.fr/firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://mozilla.ofirefox.exe, 0000000D.00000003.1794053818.00003493F6B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1519727258.0000022A6D044000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://spocs.getpocket.com/spocsfirefox.exe, 0000000D.00000003.1673066845.0000022A65E08000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://screenshots.firefox.comfirefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://mathiasbynens.be/notes/javascript-escapes#singlefirefox.exe, 0000000D.00000003.1510952076.0000022A6477C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://shavar.services.mozilla.comfirefox.exe, 0000000D.00000003.1518777996.0000022A71BB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1567762854.0000022A6DCFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1546498675.0000022A6DCFB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://completion.amazon.com/search/complete?q=firefox.exe, 0000000D.00000003.1433600469.0000022A63B13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000D.00000003.1981141526.0000022A6357B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1457779546.0000022A6DCF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A63552000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000D.00000003.1674300819.0000022A72544000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://monitor.firefox.com/breach-details/firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://wixtoolset.orgtightvnc-2.8.59-gpl-setup-64bit.msi, MSICDA4.tmp.1.dr, 3ecb53.msi.1.dr, MSICD93.tmp.1.dr, MSID1ED.tmp.1.dr, MSICF4A.tmp.1.dr, MSICFD8.tmp.1.dr, MSI4037.tmp.0.dr, MSID440.tmp.1.dr, MSID008.tmp.1.drfalse
                                                                                                                        		high
                                                                                                                        https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000D.00000003.1439606379.0000022A6AD88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1557655986.0000022A6AAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1584701397.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1459090257.0000022A6AAC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://profiler.firefox.com/firefox.exe, 0000000D.00000003.2002886230.0000022A60D0E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                  		high
                                                                                                                                  http://mozilla.org/0firefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968992472.00003183BBC03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965078071.00003E51AA004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000D.00000003.1376032054.0000022A62505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1375703639.0000022A62300000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1371947230.0000022D7EE66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1370457745.0000022D7EE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000D.00000003.1681499336.0000022A6C8A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://mozilla.org/ktopZfirefox.exe, 0000000D.00000003.1972853498.0000084BAAC03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://t0.ssl.ak.dynamic.tilsvchost.exe, 00000004.00000003.1370635346.0000022D7EE32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://www.amazon.com/firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://fpn.firefox.comfirefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0stightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://ocsp.rootca1.amazontrust.com0:firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600firefox.exe, 0000000E.00000002.2525536268.00000105690E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C3783E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2535549882.00000240AEE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://www.youtube.com/firefox.exe, 0000000D.00000003.1433021248.0000022A63BF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2520436170.000001C378303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2525365405.00000240AEC0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://MD8.mozilla.org/1/mfirefox.exe, 0000000D.00000003.1430872588.0000022A6D6F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://plus.google.comchromecache_140.11.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://www.bbc.co.uk/firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000D.00000003.1547337578.0000022A6D2AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000010.00000002.2525365405.00000240AECC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://127.0.0.1:firefox.exe, 0000000D.00000003.1994587148.0000022A6285A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1452594375.0000022A72431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1464336642.0000022A6AB9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://bugzilla.mofirefox.exe, 0000000D.00000003.1457598901.0000022A71BC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://dynamic.tsvchost.exe, 00000004.00000002.1371906319.0000022D7EE59000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://amazon.comfirefox.exe, 0000000D.00000003.1577993921.0000022A708AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000D.00000003.1457779546.0000022A6DCF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981141526.0000022A635E7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.1584701397.0000022A6AABA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://spocs.getpocket.com/firefox.exe, 00000010.00000002.2525365405.00000240AEC13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1590021238.0000022A6D61D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000004.00000002.1371947230.0000022D7EE68000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1369772414.0000022D7EE65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000004.00000003.1370530827.0000022D7EE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://www.tightvnc.com/licensing/?f=vc5Errortvnviewer.exe.1.drfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://www.amazon.com/Zfirefox.exe, 0000000D.00000003.1773390702.0000091B6A804000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://ocsp.sectigo.com0tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000004.00000003.1370230286.0000022D7EE58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1570235408.0000022A6CA0B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 0000000D.00000003.1855150208.0000022A6AA76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2001884804.0000022A60D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854341182.0000022A6AAD3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000D.00000003.1583030434.0000022A6CBB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000D.00000003.1583030434.0000022A6CB9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000D.00000003.1453232124.0000022A7246C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                  https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                    http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1679144002.0000022A6D249000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1649198009.0000022A65D18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1447065566.0000022A6AD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1448371871.0000022A639CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6AB9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1648145687.0000022A65DAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858240337.0000022A65DAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857201453.0000022A65DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1684410653.0000022A64D63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1447411711.0000022A6AD58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1996375394.0000022A62312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1531619786.0000022A6ACA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1593644127.0000022A6AC4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1510952076.0000022A64722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1380470042.0000022A639DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1379398475.0000022A62289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790183958.0000022A5FB8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1559123296.0000022D0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1464336642.0000022A6AB95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1637991837.0000022A6C8E2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                      https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000004.00000002.1371652740.0000022D7EE2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                        https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1550116886.0000022A6CA6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                          https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.2521625410.00000240AEAC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 0000000D.00000003.1869958384.0000022A73A00000.00000004.00000800.00020000.00000000.sdmp, tightvnc-2.8.59-gpl-setup-64bit.msi, 3ecb53.msi.1.dr, gmpopenh264.dll.tmp.13.dr, screenhooks64.dll.1.dr, MSICD93.tmp.1.dr, tvnserver.exe.1.dr, MSID5F7.tmp.1.dr, tvnviewer.exe.1.dr, screenhooks32.dll.1.drfalse
                                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                                              http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1680819508.0000022A6CE18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                                http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1680819508.0000022A6CE18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749465810.0000022A631D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1582332618.0000022A6CE16000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  		high

                                                                                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                                  172.217.19.228
                                                                                                                                                                                                                                                                  		www.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  172.217.19.206
                                                                                                                                                                                                                                                                  		play.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.117.188.166
                                                                                                                                                                                                                                                                  		contile.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                  35.201.103.21
                                                                                                                                                                                                                                                                  		normandy-cdn.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.120.208.123
                                                                                                                                                                                                                                                                  		telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.149.100.209
                                                                                                                                                                                                                                                                  		prod.remote-settings.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                  34.107.243.93
                                                                                                                                                                                                                                                                  		push.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.107.221.82
                                                                                                                                                                                                                                                                  		prod.detectportal.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  35.244.181.201
                                                                                                                                                                                                                                                                  		prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  239.255.255.250
                                                                                                                                                                                                                                                                  		unknownReserved
                                                                                                                                                                                                                                                                  		unknownunknownfalse
                                                                                                                                                                                                                                                                  151.101.193.91
                                                                                                                                                                                                                                                                  		services.addons.mozilla.orgUnited States
                                                                                                                                                                                                                                                                  		54113FASTLYUSfalse
                                                                                                                                                                                                                                                                  35.190.72.216
                                                                                                                                                                                                                                                                  		prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  142.250.181.78
                                                                                                                                                                                                                                                                  		plus.l.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.160.144.191
                                                                                                                                                                                                                                                                  		prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse

                                                                                                                                                                                                                                                                  Private

                                                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                                                  192.168.2.16
                                                                                                                                                                                                                                                                  127.0.0.1

                                                                                                                                                                                                                                                                  General Information

                                                                                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                                  Analysis ID:1577032
                                                                                                                                                                                                                                                                  Start date and time:2024-12-17 21:44:41 +01:00
                                                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                  Overall analysis duration:0h 8m 2s
                                                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                  Number of analysed new started processes analysed:31
                                                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                  Sample name:tightvnc-2.8.59-gpl-setup-64bit.msi
                                                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                                                  Classification:mal48.troj.evad.winMSI@60/96@69/16
                                                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                                                  • Successful, ratio: 33.3%
                                                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                                                  • Number of executed functions: 3
                                                                                                                                                                                                                                                                  • Number of non-executed functions: 1
                                                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                                                  • Found application associated with file extension: .msi

                                                                                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 172.217.19.227, 64.233.164.84, 172.217.17.78, 172.217.17.46, 142.250.181.3, 172.217.19.10, 172.217.17.74, 172.217.19.202, 142.250.181.42, 172.217.21.42, 142.250.181.106, 172.217.17.42, 172.217.19.170, 172.217.19.234, 142.250.181.138, 142.250.181.74, 35.85.93.176, 44.228.225.150, 52.40.120.141, 88.221.134.155, 88.221.134.209, 172.217.17.35, 23.218.208.109, 20.12.23.50
                                                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, accounts.google.com, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, ogads-pa.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, safebrowsing.googleapis.com, clients.l.google.com, www.gstatic.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                  • Execution Graph export aborted for target firefox.exe, PID 7724 because there are no executed function
                                                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                  • VT rate limit hit for: tightvnc-2.8.59-gpl-setup-64bit.msi

                                                                                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                                                                                                  15:45:38API Interceptor1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                                                                                                  15:46:20API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                                                                                                                                                                                                                                                                  15:46:30API Interceptor19904x Sleep call for process: tvnserver.exe modified

                                                                                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                                                                                  IPs

                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                  34.117.188.166kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                    kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                          LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                            fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                              LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                    P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                      239.255.255.250https://1drv.ms/w/c/17cc1e7b64547fa0/ER4uyAUCto9GkfZ_Sw-4_NAB9TeJj_jWV9oRzb3kdQINFQ?e=4%3aaVtPRh&sharingv2=true&fromShare=true&at=9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        https://www.fishertools.com/images/category/c1338ad0ed698a218652681b11a0396f.jpgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          https://shipment-status.com/route/85cc45db86ead4bc2c9088fa81eada0d9155863e/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            https://bu.marcel-andree.de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              https://usps.com-sglw.top/IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                https://funcilnewshical.com/76e41238-e8a4-483e-8f1d-ad83b34d4805?batchid=Douglasgrimes-Testsetup&carrier=carrier&textid=textid&brand=register.douglasgrimes.com&source=source&messageId=messageId&name=Lisa&phone=phone&step=step&domain=domain&cost=costGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  https://forms.office.com/Pages/ShareFormPage.aspx?id=z5Knz2h3QUOIV4F1TCr6H8l1dBxA_RZAr7lBOGCmz8VUN0JRQTRLU1hTVDBDM1RLNFpLVU9CTVlJSC4u&sharetoken=nQqCF0yk9yLYcWPsu8RbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                    stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                                                      Remit_Advice_SMKT_84655.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                        stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                                                          151.101.193.91kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                            kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                              6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              34.149.100.209kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                            P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                              mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse

                                                                                                                                                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                  services.addons.mozilla.orgkjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                  mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                  example.orgkjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                                                  • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                  star-mini.c10r.facebook.comhttps://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 31.13.69.35
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                  http://inspirafinancial.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                  https://business.livechathelpsuite.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                  twitter.comkjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193

                                                                                                                                                                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                  GOOGLE-AS-APGoogleAsiaPacificPteLtdSGhttps://bu.marcel-andree.de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                                  174 Power Global_Enrollment_.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.42.160
                                                                                                                                                                                                                                                                                                                                                  174 Power Global_Enrollment_.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.42.160
                                                                                                                                                                                                                                                                                                                                                  https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                  http://inspirafinancial.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                                  Tbconsulting Company Guidelines Employee Handbook.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                  FASTLYUShttps://1drv.ms/w/c/17cc1e7b64547fa0/ER4uyAUCto9GkfZ_Sw-4_NAB9TeJj_jWV9oRzb3kdQINFQ?e=4%3aaVtPRh&sharingv2=true&fromShare=true&at=9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                                  rbqHSouklL.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                                  https://funcilnewshical.com/76e41238-e8a4-483e-8f1d-ad83b34d4805?batchid=Douglasgrimes-Testsetup&carrier=carrier&textid=textid&brand=register.douglasgrimes.com&source=source&messageId=messageId&name=Lisa&phone=phone&step=step&domain=domain&cost=costGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.194.208
                                                                                                                                                                                                                                                                                                                                                  stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                                                                                                  • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                                  Remit_Advice_SMKT_84655.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                  stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                                                                                                  • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                                  Documento_Contrato_Seguro_18951492.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                                                                  Documento_Contrato_Seguro_25105476.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                                                                  http://sharefileon.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.130.137
                                                                                                                                                                                                                                                                                                                                                  http://www.kukaj-to.chat/sedoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.1.21
                                                                                                                                                                                                                                                                                                                                                  ATGS-MMD-ASUSfile.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  https://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 57.129.18.105
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.177.36.41
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  q2jbDDaB3T.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  gyZkEwCn5w.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  z2kJvTjVVa.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  jf2jJnlcYf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  ATGS-MMD-ASUSfile.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  https://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 57.129.18.105
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.177.36.41
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  q2jbDDaB3T.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  gyZkEwCn5w.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  z2kJvTjVVa.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  jf2jJnlcYf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.141.219.230

                                                                                                                                                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                  fb0aa01abe9d8e4037eb3473ca6e2dcakjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123

                                                                                                                                                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\MSI4037.tmpDocumento_Contrato_Seguro_18951492.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                    Documento_Contrato_Seguro_25105476.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                      Documento_Contrato_Seguro_63452319.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                        Documento_Contrato_Seguro_44600862.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                          setup.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                            RQ--029.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                              Atualizador_Fiscal_NFe_37882912.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                                xUPaeKk5wQ.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                                  7gBUqzSN3y.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                                                    nwindowsdll.msiGet hashmaliciousAteraAgentBrowse

                                                                                                                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                                                                                                                      C:\Config.Msi\3ecb52.rbs

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):440298
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.438234518019401
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6144:JgAuna4n7H18hncBMnmgd5+i/HwqI/k1FCWzWhXjpiAYqhuLnn4mzQ48Xpd:JgAEa47H4rmO5VBI/kdqVkqujnzh85d
                                                                                                                                                                                                                                                                                                                                                                      MD5:D0FB173C7B144B6EC153BFFF5380799C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1CC3B1FAA73ECD3CD93329074F2DD3A32E35EFD1
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:58661648F87995D7AE72DEC97D5964BD76E6F5E0DA1CA07E3A02C62C37BAC4C0
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:93D6BE32E8D7E055A6FB47878B6B515E7A1C7C7397EA378E3DB1CBF805B096A9889230512DEEF60572650E2C6477D2FA027E6CEE7A7BF01DDB2CB661E157DAB2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...@IXOS.@.....@.}.Y.@.....@.....@.....@.....@.....@......&.{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}..TightVNC#.tightvnc-2.8.59-gpl-setup-64bit.msi.@.....@;....@.....@......tvnserver.ico..&.{71AA2E6F-1CEA-4A9C-9880-4477A5035274}.....@.....@.....@.....@.......@.....@.....@.......@......TightVNC......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....AllowSasK...AllowSas.@A.........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?...Q...Q...Q......Q.....Q......Q...P...Q.<...Q.....Q......Q......Q.......Q.Rich..Q.........................PE..d......_.........." .....&...........p.......................................P......y.....@....................................................d....0..........0............@.......C...............................................@...............................text...f%.......&.................. ..`.rdata...t...@...v...*......

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\LICENSE.txt

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):18092
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.666564742606159
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:384:ghUwi5rpL676yV12rPd34ZomzM2FR+dWF7jUI:gmFWixMFzMdm7jUI
                                                                                                                                                                                                                                                                                                                                                                      MD5:B234EE4D69F5FCE4486A80FDAF4A4263
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4CC77B90AF91E615A64AE04893FDFFA7939DB84C
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8177F97513213526DF2CF6184D8FF986C675AFB514D4E68A404010521B880643
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:AEE80B1F9F7F4A8A00DCF6E6CE6C41988DCAEDC4DE19D9D04460CBFB05D99829FFE8F9D038468EABBFBA4D65B38E8DBEF5ECF5EB8A1B891D9839CDA6C48EE957
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview: GNU GENERAL PUBLIC LICENSE. Version 2, June 1991.. Copyright (C) 1989, 1991 Free Software Foundation, Inc.,. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.License is intended to guarantee your freedom to share and change free.software--to make sure the software is free for all its users. This.General Public License applies to most of the Free Software.Foundation's software and to any other program whose authors commit to.using it. (Some other Free Software Foundation software is covered by.the GNU Lesser General Public License instead.) You can apply it to.your programs, too... When we speak of free software, we are referring to freedom, no

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\TightVNC Web Site.url

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows 95 Internet shortcut text (URL=<http://www.tightvnc.com/>), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):50
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4483674395583765
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:HRAbABGQYm/0S4T1yyTDn:HRYFVm/r4Rrnn
                                                                                                                                                                                                                                                                                                                                                                      MD5:398AD5309240BAD56D399DF9517BB12C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9AE5B6DFAF5F7CADF2E358AB541D6A833369119C
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0B9A87C6A3E5EA6448CC4CECABD780457966B60AC38BEC75E3B47C1085D4DD14
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:4111FFB3A1231F61C580320A03E8912F960FE283A4EA5C300EA429214C91F3AABDC379A1984C278CBC55419DFC1EB2404A5BCF2B3C56E642456572DCF59488C3
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:[InternetShortcut]..URL=http://www.tightvnc.com/..

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\hookldr.exe

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):102576
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.3473677851667025
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1536:Y7ZJbaFqLdklCvm247SFEJQKRGBbT/2B0AUkwGBZvr6zfb2fLH:6bbLKlileiDwyG/vr6zfb6
                                                                                                                                                                                                                                                                                                                                                                      MD5:7A854430FF30D27F7F668BA3F291A60B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:00F1835A9084C586D8500433908686992CA30FE2
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8D00AB5EFD8D30C4A524913E7F4F508A78A377C388EE52956E9EF1431D328692
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:30D39ADEC22F6578A4A2AA0C8B1ADF31E710DCDCFADF4EFF74E4F775748D92861009A6E0215EF1FB272FE88EE5008B8E90B7811F7F9B2BA9D8D7B7165A812A6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.#...M...M...M.......M.....g.M...L.{.M.......M.....+.M.......M.......M.......M.Rich..M.........................PE..L......_.....................x.......2............@.................................nt....@.................................\H..<....................x...............................................5..@...............t............................text...[........................... ..`.rdata...@.......B..................@..@.data..../...`.......B..............@....rsrc................V..............@..@.reloc..v............\..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\screenhooks32.dll

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):74416
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.364288192374079
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:NUfezBCKNdK4JoVtb5NgBkdKL99WNU4kde4y6G0JWr9J/qK4TUNhG7AaZ6wwwwwn:KDOQKZ9WtqzF0994ShG1Z6kuZ/HSjx
                                                                                                                                                                                                                                                                                                                                                                      MD5:B615280E4C34FE1B6FB7356DC21DE744
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C884C5BF0131E8FA184D9E9323A86334DF6FAE6C
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E3822F168AA2026EEEDB3B42EEFF850C89E447A13852E7EF18F413F1AB904FFA
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:DE1893673A76D7A8A2D35C5D452CC466F712722772F5E35B0F7EB5673BD17930E2DB0D782E684346DDEB8507A18578525F9B2413BB22867B7E0D93443399A936
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.G]...]...]...T~..L...]........q..X...T~8.....T~?.x...T~1._...T~).\...T~/.\...T~*.\...Rich]...........................PE..L......_...........!.........b......4>.......................................`.......*....@.............................`...<...<....0.......................@......P...................................@............................................text............................... ..`.rdata...4.......4..................@..@.data...............................@....shared...... ......................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\screenhooks64.dll

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):82096
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.120097335741314
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1536:ecyeCluXXvP2N5yR+2Jvaf9/t7WMBvh9RiOCVDllO:vye6unvON4R+GI7WMBrRiOCRlg
                                                                                                                                                                                                                                                                                                                                                                      MD5:6BD028E91E27F057AA1276AFA3B3247B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:3F509DFAD78452088D4726B6C1397A348715A0D8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:ED315ACA0C2A6FA8DB22237AE98E024533EF05E8B222AB2F70733D2D9F0C6904
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D48C14595BC81DDB26BF97A7A9B3763E42AA838C0E2F95B4541386DF61F2653D8C0CD3D8416CF6999CB646E07884F573879E9B5C65E501F63BB2B63D9B3C82E5
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9r..}...}...}...tk..w...}...+....d6.x...tk..5...tk..[...tk......tk..|...tk..|...tk..|...Rich}...........PE..d...x.._.........." .........t.......F...................................................@.............................................`.......<....`.......@.......(.......p.. .......................................................H............................text.............................. ..`.rdata...G.......H..................@..@.data....#..........................@....pdata.......@......................@..@.shared. ....P......................@....rsrc........`......................@..@.reloc.......p.......$..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\tvnserver.exe

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1803440
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.574223293164085
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:MG5ob3JvfFH+HoPr90CMqgKCdGHMhpDw9TIrUPopzFv73OZNt72DgPyK1:V523JFHUoP++xuDaTIrUPUhvk7qQyK1
                                                                                                                                                                                                                                                                                                                                                                      MD5:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      SHA1:B4F4A6D6310C9B236DC96CC216425B76D2A93772
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9B1F877060D1F8399462D443D87CD1A7FED777B6CA25FED712D76D3980ADF5AC
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7840BA7B5242D7BC950F7E422E1865AB5721273A15151AEA7D7BB90FAE98C2A0DD9F3C625DFC3B43A0167E35FEF411758075CDF267787CF92C6E141AAE8A72AA
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8.a.Y.2.Y.2.Y.2.!.2.Y.2.!.2#Y.2.Y.2.X.2L.$2.Y.2.!.2.Y.2.!.2.X.2.!.2.Y.2.Y.2.Y.2.!.2.Y.2Rich.Y.2........PE..d......_.........."..................R.........@..........................................@.....................................................................\....l..........$...@...................................................8............................text.............................. ..`.rdata...K.......L..................@..@.data...P.... ...t..................@....pdata..\............v..............@..@.rsrc...............................@..@.reloc...*.......,...@..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Program Files\TightVNC\tvnviewer.exe

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1061040
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.178425243926522
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:w5IGYWoSFCKpiuQ3E/0MBw8E6k1PFZhWnR9TuiwHJa9it:w55YWoSFCKpiuyEcT6kZDOTuiWj
                                                                                                                                                                                                                                                                                                                                                                      MD5:89F81DB9F3C78CEABF5C3039081D1E13
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F9D6616A8313D593DF18B7D7AABFB923FE33145D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:10BFBFDE90A711E5B279909B4E3CB50C7F30D1D13AF848BDC1E05F2883387F9C
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:DF74956EE38E33994DF6F5B46DB30E94D305B20B20D46C1646513C0EA3E06EE1A1F413E0D0ABD11D4A7671399FB79372BEB4B156D03E20557D12EC8B07ACB14E
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........N...N...N...G...C...G.......G.......N....~....?.[...G...<...G...O...G...O...RichN...................PE..d......_.........."......~..........h..........@....................................S.....@.................................................<9..........t....................`..l...p................................................................................text....|.......~.................. ..`.rdata..............................@..@.data........`...X...H..............@....pdata..............................@..@.rsrc...t............f..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\Run TightVNC Server.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:55 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1929
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5950153075450304
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8NxcdEwOUEACdc8/xdcx+MswBDeSKI6Sv74WswB1Jfwr9yfm:8jcdEhUTCdc8Jdcx5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:303F0AFCA2840215D0CBDA7AE26998FA
                                                                                                                                                                                                                                                                                                                                                                      SHA1:16A1C41993CBC0FE96830D781C11DDA21693ABC3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:403AE20E861FC9FD139B68C6EF2E06D2AC22B87CB541D37233E46B86E7DFB2C6
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C51B2230DD40DA7D5FE96E136F9142AF9544163A0E8976651F425C696F73F5663C1A9D3E447DE9EFCFD2F51D973D98C0BAB8196D2B40EB6F1086807D36D6BC79
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c......"d..P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico......................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\TightVNC Server - Control Interface.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1953
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.602012428111059
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:87xcdEwOUEACdc8/xdcpv+MswBDeSKI6Sv74WswB1Jfwr9yfm:8tcdEhUTCdc8Jdcpv5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:AF0741AD798AD6179409FC1DF4A24B07
                                                                                                                                                                                                                                                                                                                                                                      SHA1:EBAF6E003952140429104D5228E23E7200D22463
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:12FC3135B6D0223049552246B6FEB180453EDD8B01807472703EC9FFB389D39E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:98A85A436AAC722642B1E32E6234CCA75F79D7AF679F694C95FC4D8260A59DFB78E3C5049EEC5794BF79BBC91A503C1C6E2A6798079A386E59883B54B5CE32D0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c......4...P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.c.o.n.t.r.o.l.a.p.p.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico..............................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Application Mode)\TightVNC Server - Offline Configuration.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1951
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.608692535919028
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8ZxcdEwOUEACdc8/xdcN+MswBDeSKI6Sv74WswB1Jfwr9yfm:83cdEhUTCdc8JdcN5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:5ECD18961FD95E27E8DEFF7CA33132FF
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4E11DC001F838B60E6BAA7875FD905E120CA314C
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:6433C8413C6F3BD9CEFFCB3F32CE17AD434E252643C2F4268540E74A5B3F67C2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8E0E94E1BC8354240A50249C1E8908ADE665B311B5E0C7DDB8648B06E69151BC130F48D8E3331D9587EB88A17958FE28CC177743AF76B4CBAB3B7389B87978ED
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c........P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.c.o.n.f.i.g.a.p.p.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Register TightVNC Service.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1947
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.598130107527458
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8iaxcdEwOUEACdc8/xdc/t+MswBDeSKI6Sv74WswB1Jfwr9yfm:8iAcdEhUTCdc8Jdc15XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:5F390B517171FFDC38874F48E32BAA05
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9B6EF5798CEC173510D916B2E0D5326D537E1B22
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:37A4B66C5F42DE30208944958A1B325EA3AAAFA6C4F0FCEEE6D23A56F78E988A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:79E31A222C44841A9E22A89619487D9AA10E7A7C766D3546E8E8D65D27AB456B294AD390D66030FB2148AB5DE7FE23BC66C5FF46C1AD7DD3AB2552F28A9EC744
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c......i...P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.i.n.s.t.a.l.l.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico....................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Start TightVNC Service.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1943
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.597331030870033
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8PxcdEwOUEACdc8/xdc+3j+MswBDeSKI6Sv74WswB1Jfwr9yfm:85cdEhUTCdc8JdcUj5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:F19E7D8535F37AC4E1FDC8227029C250
                                                                                                                                                                                                                                                                                                                                                                      SHA1:A2B2228661C80B60DE6C182E713614BFD117D0A8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0ACE518ABCFF48E362699C3E73547B5AC21944307D008FBDD1ACFCB920812183
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:18AA4CC59D4A345E2384A377984EE8071D3857363553B92945CB534917B4ADA7076CFEA7CA8431601EF493042B92CFE6BE3C8EC69E3A32A4C3C54B76C70C0AF8
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c.........P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.s.t.a.r.t.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico........................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Stop TightVNC Service.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.599966019813828
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8IaxcdEwOUEACdc8/xdcJ+MswBDeSKI6Sv74WswB1Jfwr9yfm:87cdEhUTCdc8JdcJ5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:8D6AFF8CC94F8A407950200E90786383
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4E49AE96071751458F3661D4AFBF268ACF18C4F6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:DB5D296220B8781AD0BB563B09E0472A7B558A1621EAAE8406F8878BA996470A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:43980992BB5F1DA6F73E06680E9C59CEFFF2A2C246A537C201200D94B8D49E1A94789AD94FB06C11C8D7E033E52135BDDF2BA8FDF4ACA5A694C659D5EBAE692A
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c.........P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.s.t.o.p.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico..........................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\TightVNC Service - Control Interface.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1961
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.602221864466082
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:83xcdEwOUEACdc8/xdcVj+MswBDeSKI6Sv74WswB1Jfwr9yfm:8hcdEhUTCdc8JdcVj5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:430E5462010AAA40C9D0585F99949675
                                                                                                                                                                                                                                                                                                                                                                      SHA1:AD7F108F951760697751457F8FEEFCD743A37E7B
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:303847501D5E6D3BD0ABE5197C4B48EEA7AB21070EDDD932AC25FC284861BAD2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5E35668A393C05C2566E32328B70BEEF793400729C97D1CDBCD8C9868B026D869939A12F3B6729F50AC2CB4FD9765C3E8A2ACCBBDD3D8958BBF982279853D26B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c.....,....P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.c.o.n.t.r.o.l.s.e.r.v.i.c.e.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico......................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\TightVNC Service - Offline Configuration.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1959
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.606253230073608
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:82xcdEwOUEACdc8/xdcwK+MswBDeSKI6Sv74WswB1Jfwr9yfm:80cdEhUTCdc8JdcwK5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:7D6DDB870B2C70331D1558A236B50BC0
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1399C6941C710DBE0765D4E4C5EA6D3FFFFDBF8D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:68526744B9B6CFFB781F44C78BEC7BD246DB0751E1193A4E0766375E095ED0A5
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:33189BF31C8BA662C8F06A5376D18122DB470E05CF749B55ED420038C82B7D61C0DDBD464216D84DB2BC4098C00CEEB0BEA3A692BE60888928094B49C0C01002
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c.........P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.c.o.n.f.i.g.s.e.r.v.i.c.e.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico........................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Server (Service Mode)\Unregister TightVNC Service.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:56 2024, atime=Thu Dec 17 16:34:22 2020, length=1803440, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1945
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5973764393876357
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8MxcdEwOUEACdc8/xdcN+MswBDeSKI6Sv74WswB1Jfwr9yfm:8WcdEhUTCdc8JdcN5XDeSAWXYrC
                                                                                                                                                                                                                                                                                                                                                                      MD5:9479A3E4162D0A0BE1CB6C7F13E2F908
                                                                                                                                                                                                                                                                                                                                                                      SHA1:8C04553108B0935D9581DD9B047B465A0C8C2512
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:56B59D68F33E0AF686F8436728139B5FB7F397E765DD2B496C225101DBBF246B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3F1D705A5DBA101FC2754DA42ED0379856957FB176380819E79A208B7BB625FA161E5D32AB3EBDD2BEF19197F0F90181EF08EE75E3E2A628855BC67357C0AF5C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c......I..P...c.............................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2......QK. .TVNSER~1.EXE..L......QK..Y......(.........................t.v.n.s.e.r.v.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnserver.exe..9.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.s.e.r.v.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\...-.r.e.m.o.v.e.I.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.t.v.n.s.e.r.v.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico......................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\TightVNC Viewer.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Dec 17 16:34:22 2020, mtime=Tue Dec 17 19:45:55 2024, atime=Thu Dec 17 16:34:22 2020, length=1061040, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1917
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5665582283413024
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:87xcdEwOe9MA+Aj0dcYApxdcS9+MswGeSKI6TR4Wsw2Jf2J9yfm:8tcdEhewdcldc25MeSFWDJC
                                                                                                                                                                                                                                                                                                                                                                      MD5:DA6E2D7E489BAA225D85A13CB7865FBE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:013A8E45F6261AC6B2D898A72D25FCED74BF55CC
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AA9A038058BEDF342853667F5DDA511399098FD5E5DE590E4B6EC444FCF70132
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5507B116C1B1A3C212341F29B84DB8899069715261C7BB3B4C064895462948D82F013743632BFE60B9203BB1E3909E18F9EB7DE7079AB4EBB812CAA806E297B7
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ....c.....F.o..P...c......0......................}....P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................r.#.T.i.g.h.t.V.N.C.....h.2..0...QK. .TVNVIE~1.EXE..L......QK..Y......*.........................t.v.n.v.i.e.w.e.r...e.x.e.......V...............-.......U..............N.....C:\Program Files\TightVNC\tvnviewer.exe..6.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.t.v.n.v.i.e.w.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.F.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.E.0.6.C.7.9.4.4.-.C.E.0.2.-.4.F.F.B.-.8.7.E.F.-.0.E.9.D.2.7.8.C.6.E.B.C.}.\.v.i.e.w.e.r...i.c.o.........%SystemRoot%\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\viewer.ico.....................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\Visit TightVNC Web Site.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Dec 17 14:24:10 2020, mtime=Tue Dec 17 19:45:55 2024, atime=Thu Dec 17 14:24:10 2020, length=50, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1027
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.615774238444759
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:8mLvkdPYXVh9/Dv0dpF4ygreqoLuqjAwKVbdpyGoNMbdpya1NJDlh9y9ILYumV:8mLLcdEq6WAFdcG/dcyJf9y9yfm
                                                                                                                                                                                                                                                                                                                                                                      MD5:2D0ED7969FCB3D055466C4D18842FCB7
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1CBF0125D519027E3AE6135379789207CEF5FAEF
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AD39D288482BC1F325803567A14B9C27F89CB6FFDFC8A30072D5E6C734066D94
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C4491C3E9066B4D4290549657354D66F0F65CDAD91B637D1EB74CA493D5A03E5321725184EF19AFC73F49F007630603AA9F795DAD1202133077743CCE6F21B43
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.... ...........Jm..P.........2............................P.O. .:i.....+00.../C:\.....................1......Y....PROGRA~1..t......O.I.Y......B...............J......c?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......Y....TightVNC..B......Y...Y......#.....................z.%.T.i.g.h.t.V.N.C.....x.2.2....Q.{ .TIGHTV~1.URL..\......Q.{.Y......).........................T.i.g.h.t.V.N.C. .W.e.b. .S.i.t.e...u.r.l.......^...............-.......]..............N.....C:\Program Files\TightVNC\TightVNC Web Site.url..>.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.T.i.g.h.t.V.N.C. .W.e.b. .S.i.t.e...u.r.l...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.T.i.g.h.t.V.N.C.\.........&................c^...NI..e.2.......`.......X.......724536...........hT..CrF.f4... .\............%..hT..CrF.f4... .\............%.........A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.H@..=x.....h....H....

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_3b0a8280-3635-451f-9cbb-d988938d9925.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1804194646764765
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:CyLMXXjUcbhbVbTbfbRbObtbyEl7nPr2JA6UnSrDtTEd/S9XU:pw4cNhnzFSJvr1LnSrDhEd/wU
                                                                                                                                                                                                                                                                                                                                                                      MD5:90F78506D4C03DD18BD2A6FF77A7EA61
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4A370BA70A751132EA780CCDF2C482C0B2DDA85E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:69F8B320DA451156B33269FD827178AADAAA17F00E0EB091FE09EA6C803E657E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9CC2FC6A320CECC10D792CBE0374A8DF2AE326E35C80123FAEB37C9F2391C48AFF9B092AF6859A385FD4A457569941DB5D7817D388DE564DE2B5DCB2257F4241
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"3b0a8280-3635-451f-9cbb-d988938d9925","creationDate":"2024-12-17T21:52:28.956Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_3b0a8280-3635-451f-9cbb-d988938d9925.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1804194646764765
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:CyLMXXjUcbhbVbTbfbRbObtbyEl7nPr2JA6UnSrDtTEd/S9XU:pw4cNhnzFSJvr1LnSrDhEd/wU
                                                                                                                                                                                                                                                                                                                                                                      MD5:90F78506D4C03DD18BD2A6FF77A7EA61
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4A370BA70A751132EA780CCDF2C482C0B2DDA85E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:69F8B320DA451156B33269FD827178AADAAA17F00E0EB091FE09EA6C803E657E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9CC2FC6A320CECC10D792CBE0374A8DF2AE326E35C80123FAEB37C9F2391C48AFF9B092AF6859A385FD4A457569941DB5D7817D388DE564DE2B5DCB2257F4241
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"3b0a8280-3635-451f-9cbb-d988938d9925","creationDate":"2024-12-17T21:52:28.956Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\MSI4037.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                                                      MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                                                      SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                      • Filename: Documento_Contrato_Seguro_18951492.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: Documento_Contrato_Seguro_25105476.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: Documento_Contrato_Seguro_63452319.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: Documento_Contrato_Seguro_44600862.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: RQ--029.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: Atualizador_Fiscal_NFe_37882912.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: xUPaeKk5wQ.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: 7gBUqzSN3y.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: nwindowsdll.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                      MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                      MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 19:45:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2673
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9887995036867943
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8HQdkcTEArTwHJidAKZdA1FehwiZUklqehQy+3:8wLKvy
                                                                                                                                                                                                                                                                                                                                                                      MD5:ECCD16E138C48A04E24740C9B62EE94C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CF25B9F38FBE4DB84A41A3176EBD256D9A07A097
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:2EB5C83969C4E417FE9359D307B08C45C3C029E5AD230C1536378C2C9016F5C9
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2558E4C3C2217D7A3AA4EDE62C4EE5FDFAA3CFCE08574D4CF8C96EB9718FB7C18CC65747340DB9B8112647BEBBDF50EEE0AB503378FF500E87339EA1FE068C5E
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,....=&...P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 19:45:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2675
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.004431724330509
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8fQdkcTEArTwHJidAKZdA1seh/iZUkAQkqehfy+2:8YLk9QWy
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D92802FF469477AB339A714DF3828D4
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C099B458CD31ADCD4430A69A7715903634C2EA2A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FB3F527E0642EE28DBB91FE9C562CE92EA440832B341C280A1F93801B11E687B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EE9FB5BCB5B94903738CC17EDD6F6CA5D541FE9004EF65380495BF24B16B3D2B106F6D4B2C4C7C0A55F10F876B187DE41BC5814D3C5335C2058785D579DAA3B0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.....U...P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2689
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.011378787473798
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:80QdkcTEArAHJidAKZdA14meh7sFiZUkmgqeh7sVy+BX:8zLknjy
                                                                                                                                                                                                                                                                                                                                                                      MD5:F43477582C5478FCD62E04DEDA0AF96B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:A7DD3A387F11E669141757DB4AD4AB8162EFB0D4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FCE3073FAAA8328A097859AF4726556B41DE53EA688078C11D89B447B4D34784
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A215EE58937FE3992D13D16CFFF0386D336C675C6E1C8E003AC2CDB172AA4D3B15E5DECA07A2BB7AB8F8958C674DD35852E01F080BDCB26C50C2C339D0E47013
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 19:45:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.001366963507258
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8WQdkcTEArTwHJidAKZdA1TehDiZUkwqehLy+R:8RL/dy
                                                                                                                                                                                                                                                                                                                                                                      MD5:32B5F47ACE12180273785B8FEF4C44EE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:8ED595FC77399AE1F2AB703F3E7945AA511961A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:913B3B2B6AAD195E9D424EDB734F10524CDF25752FC999D4E94450B5FC02E6C0
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3CEC5706E91A2D6689803706EB76C7FAA5143D7CEEEDC674101B7E554995F01D31127BB89A1000C30A702A75EF1EADBFEAAC2F551D90FD702BA818346CF8BCE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.........P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 19:45:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9939379346763415
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:83aQdkcTEArTwHJidAKZdA1dehBiZUk1W1qehJy+C:89Lf9py
                                                                                                                                                                                                                                                                                                                                                                      MD5:385294879D10C04122E51347B69C27AD
                                                                                                                                                                                                                                                                                                                                                                      SHA1:EDD632328FF4521DFE6A12D89B539329E4A88112
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C784A0E4C3071EC59B0898ED250740CDF71D00AB602F9171B527B4F7F043802F
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E7000993A8CD0EDA589965CD5F814E0868AB165C66413BBE8201707C5EDF8037DD346D743922CA731F2C2C312DA1F4147284869F8631B86049641430C4A25AC0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.......P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 19:45:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2679
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.002036118931023
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8kQdkcTEArTwHJidAKZdA1duTeehOuTbbiZUk5OjqehOuTbjy+yT+:8jLjTfTbxWOvTbjy7T
                                                                                                                                                                                                                                                                                                                                                                      MD5:93245942EF9CF528A7D49BE12D931060
                                                                                                                                                                                                                                                                                                                                                                      SHA1:57542AB47BB1B94A7242007F71FEDDDF8BEBAC23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:29B2632F5187D0AA1C7B52441A82DACB5E3960BCF3DE3A6EF791FABFC5E856E6
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9F12413FA9E1093A421C8037319FB930572043B6B095812B77E14F909CB28D4F2A31D72B74A327795B72F7C1A2D0370A050DEA09A2B22B3BEA896EA164852935
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,........P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.93143245060607
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNrk539wK:8S+OIfPUFuOdwNIOd8jvYR0uLqg3i8P
                                                                                                                                                                                                                                                                                                                                                                      MD5:9A7D59CA6C2D172DD1D7D9BC0C03E05B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4409F4F5F5D29BA00C59233A44C8EEFE78C142BB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C3973AA5ED488B1243568EBAF9CA3E5DCE0BD3613B06FB41416BDBD064F8E30A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F18C90BCBAA18DDEDA2776636DD952E2A8322E55EE7F4983490F3AB058357876A38FC85C0518D6DFCF3CD56A079627CCAB8ABEEB432701733524D5B4B35539BD
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.93143245060607
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNrk539wK:8S+OIfPUFuOdwNIOd8jvYR0uLqg3i8P
                                                                                                                                                                                                                                                                                                                                                                      MD5:9A7D59CA6C2D172DD1D7D9BC0C03E05B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4409F4F5F5D29BA00C59233A44C8EEFE78C142BB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C3973AA5ED488B1243568EBAF9CA3E5DCE0BD3613B06FB41416BDBD064F8E30A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F18C90BCBAA18DDEDA2776636DD952E2A8322E55EE7F4983490F3AB058357876A38FC85C0518D6DFCF3CD56A079627CCAB8ABEEB432701733524D5B4B35539BD
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                      MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                                      MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                                      MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.035822017202226504
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:GtlstFjHxDJdpEL3WYl3lstFjHxDJdpEL3sXT89//alEl:GtWtpxDJQLWtpxDJQ+89XuM
                                                                                                                                                                                                                                                                                                                                                                      MD5:221E5CDAF30305CEAA7663ED548131F5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:0E44584634BBF258D210864B523939E685D3B7BB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:73240D0DC1F9416C777C5B6AEB1D39E57FA48E04947F81DBC6CF17339F39E606
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F40144ED84DEE1A39C71D1B16810AF8FF38DE09969D1AF9E2F764C8609E2198423D374CC006A61F3BCDDFCB9897DD7A85B742C027B1859E4A78EB23FBD384A94
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:..-.....................4X....I.9...F....!.....-.....................4X....I.9...F....!...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.03954483637211982
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Ol1J3F1//olNYQV5bazCr9h7l8rEXsxdwhml8XW3R2:KHFwV5+GrLl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                                      MD5:3EFA28D94D257C0794A2A48323FE4315
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F77A81ED12B59F2BA4718D5638BBB4C76BA342A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:41CE0F67D01E9B7B84AD681E1EEA9D9A6C3D2C4B7AF60449B7809E64507F172F
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7A3892AC332B54B73FA285570C129F020867D3B52CFD3251A10D44F88D088B618BFA754A112CA15A8AE9FBD2856B23E4590A8ED10FD106FD77E63170E173C2E6
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:7....-...........9...F...K<.B.[..........9...F...X4I..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.486042476119265
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:qnGRvo1YYbBp6TDLZwxhaXa6+BCNqyd5RuFNBw8dSSl:he4Fwx8+uqSEwV0
                                                                                                                                                                                                                                                                                                                                                                      MD5:5D7DC75D163E3CCBFCEA386E5F7E3CC5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1409EDE1D259A2FCFC54046C541F1D12254CF17B
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:77FB29B19AE1EC3E4311451370C7B7FFBC44BD1AED223A5E37A40006B8851520
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:28B68D901FFCF554455CAB6BA548D475A3E1B8F648EB7D7A081E12EF8847859DEFC1BF9C27CB2270AFAAED6EA64958A6DCE92DDD5ECF67D3F39E1E5BD5C58774
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734472317);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734472317);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734472317);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173447

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.486042476119265
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:qnGRvo1YYbBp6TDLZwxhaXa6+BCNqyd5RuFNBw8dSSl:he4Fwx8+uqSEwV0
                                                                                                                                                                                                                                                                                                                                                                      MD5:5D7DC75D163E3CCBFCEA386E5F7E3CC5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1409EDE1D259A2FCFC54046C541F1D12254CF17B
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:77FB29B19AE1EC3E4311451370C7B7FFBC44BD1AED223A5E37A40006B8851520
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:28B68D901FFCF554455CAB6BA548D475A3E1B8F648EB7D7A081E12EF8847859DEFC1BF9C27CB2270AFAAED6EA64958A6DCE92DDD5ECF67D3F39E1E5BD5C58774
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734472317);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734472317);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734472317);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173447

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                      MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5824 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1504
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.249712586081319
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:veSUGliROA7zUYIGLXV+Q62PHYB+mkDT5sEIFGULtsnh3FHuxH0VahRXqvejkDzQ:Wp/IGgQqB+mqZ+CVIe92QDzDCh
                                                                                                                                                                                                                                                                                                                                                                      MD5:84FFD6FFCE4C82020498DD2B079A60D8
                                                                                                                                                                                                                                                                                                                                                                      SHA1:3930AA0916D6BF55483BFED4F13703293F6771B6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0BE797985949FDB22E83BF75F2070CF2951938137BCCE21D045105A24C847152
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9449A1F4560B004A17A39DDBDF54D79AB689C28991C824AC04809C0873FEF6B022BE5F755E2412DB03DB24569C5B99FE44CBFB5A90169A62BFB568471FE24F68
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{4634a054-af57-400d-838d-6e8e446bf464}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{f08a67ed-bc41-45c9-8ba0-c28f0f6d8c3d}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1734472330623,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zB..1...WH..j........E..:..{.1":{..mUpdate...startTim..`285716...centCrash...0},"global..Dcook.. hoa..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"httpon

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5824 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1504
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.249712586081319
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:veSUGliROA7zUYIGLXV+Q62PHYB+mkDT5sEIFGULtsnh3FHuxH0VahRXqvejkDzQ:Wp/IGgQqB+mqZ+CVIe92QDzDCh
                                                                                                                                                                                                                                                                                                                                                                      MD5:84FFD6FFCE4C82020498DD2B079A60D8
                                                                                                                                                                                                                                                                                                                                                                      SHA1:3930AA0916D6BF55483BFED4F13703293F6771B6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0BE797985949FDB22E83BF75F2070CF2951938137BCCE21D045105A24C847152
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9449A1F4560B004A17A39DDBDF54D79AB689C28991C824AC04809C0873FEF6B022BE5F755E2412DB03DB24569C5B99FE44CBFB5A90169A62BFB568471FE24F68
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{4634a054-af57-400d-838d-6e8e446bf464}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{f08a67ed-bc41-45c9-8ba0-c28f0f6d8c3d}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1734472330623,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zB..1...WH..j........E..:..{.1":{..mUpdate...startTim..`285716...centCrash...0},"global..Dcook.. hoa..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"httpon

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5824 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1504
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.249712586081319
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:veSUGliROA7zUYIGLXV+Q62PHYB+mkDT5sEIFGULtsnh3FHuxH0VahRXqvejkDzQ:Wp/IGgQqB+mqZ+CVIe92QDzDCh
                                                                                                                                                                                                                                                                                                                                                                      MD5:84FFD6FFCE4C82020498DD2B079A60D8
                                                                                                                                                                                                                                                                                                                                                                      SHA1:3930AA0916D6BF55483BFED4F13703293F6771B6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0BE797985949FDB22E83BF75F2070CF2951938137BCCE21D045105A24C847152
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9449A1F4560B004A17A39DDBDF54D79AB689C28991C824AC04809C0873FEF6B022BE5F755E2412DB03DB24569C5B99FE44CBFB5A90169A62BFB568471FE24F68
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{4634a054-af57-400d-838d-6e8e446bf464}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{f08a67ed-bc41-45c9-8ba0-c28f0f6d8c3d}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1734472330623,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zB..1...WH..j........E..:..{.1":{..mUpdate...startTim..`285716...centCrash...0},"global..Dcook.. hoa..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"httpon

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.033985804957269
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYzppUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyk:ycldTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                      MD5:8D937EE51916DD7E89CB38B8E69502C1
                                                                                                                                                                                                                                                                                                                                                                      SHA1:39E168CBE52FE83F10DC0C85559C1A466208B2B4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D00CD5B851C563F964C50D7F303516602A110C91B68E515EA30279B2719D1D61
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6128B3B00B933047270D572CA59A04B0A90BD278F3B551137891F95A451F700655DE3E4B8F37FED49C4A4158BD150C1EA744957F6B4918F4A39574DF5FFAEF95
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-17T21:51:44.457Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.033985804957269
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYzppUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyk:ycldTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                      MD5:8D937EE51916DD7E89CB38B8E69502C1
                                                                                                                                                                                                                                                                                                                                                                      SHA1:39E168CBE52FE83F10DC0C85559C1A466208B2B4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D00CD5B851C563F964C50D7F303516602A110C91B68E515EA30279B2719D1D61
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6128B3B00B933047270D572CA59A04B0A90BD278F3B551137891F95A451F700655DE3E4B8F37FED49C4A4158BD150C1EA744957F6B4918F4A39574DF5FFAEF95
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-17T21:51:44.457Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\3ecb51.msi

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: TightVNC, Author: GlavSoft LLC., Keywords: Installer, Comments: This installer database contains the logic and data required to install TightVNC., Template: x64;1033, Revision Number: {71AA2E6F-1CEA-4A9C-9880-4477A5035274}, Create Time/Date: Thu Dec 17 05:34:40 2020, Last Saved Time/Date: Thu Dec 17 05:34:40 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2486272
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.586256482384673
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:6Q7YOkxamz4LabHn9As2cF6IDozUB8FUnUI4gFkdqXGrPj:pMfx1zlbH9As2Q6IsUmbldd6
                                                                                                                                                                                                                                                                                                                                                                      MD5:A85259EEC8742FDD4ACFFCDAC54CD930
                                                                                                                                                                                                                                                                                                                                                                      SHA1:696204DE2E5688356BC01BAE037C3B955432ACDD
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7E80A38C47A1457A35567F30A7EA515248CA391AE3D9DEEC48B31868AF7315B0
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:1B2FD5B8E723C69250D6DFE2C24BBAA80B1A8D050C4D8CA24A2E92CC7F5D284BBAC711E452F727C2CE12293CCBF7A4E005F3795015626D4A20F20C49F977A6B6
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\3ecb53.msi

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: TightVNC, Author: GlavSoft LLC., Keywords: Installer, Comments: This installer database contains the logic and data required to install TightVNC., Template: x64;1033, Revision Number: {71AA2E6F-1CEA-4A9C-9880-4477A5035274}, Create Time/Date: Thu Dec 17 05:34:40 2020, Last Saved Time/Date: Thu Dec 17 05:34:40 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2486272
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.586256482384673
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:6Q7YOkxamz4LabHn9As2cF6IDozUB8FUnUI4gFkdqXGrPj:pMfx1zlbH9As2Q6IsUmbldd6
                                                                                                                                                                                                                                                                                                                                                                      MD5:A85259EEC8742FDD4ACFFCDAC54CD930
                                                                                                                                                                                                                                                                                                                                                                      SHA1:696204DE2E5688356BC01BAE037C3B955432ACDD
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7E80A38C47A1457A35567F30A7EA515248CA391AE3D9DEEC48B31868AF7315B0
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:1B2FD5B8E723C69250D6DFE2C24BBAA80B1A8D050C4D8CA24A2E92CC7F5D284BBAC711E452F727C2CE12293CCBF7A4E005F3795015626D4A20F20C49F977A6B6
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSICD93.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):724352
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.45638862853168
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:agAEa47H4r8Z5VBI/kdqVQwqujnzh85Kqujnzh85H5VBI/kdqVW:hva4UrCI/kdqGwv65Kv65xI/kdqY
                                                                                                                                                                                                                                                                                                                                                                      MD5:0FD79360B6A6806D68030F0657BD085C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:A5F9034099FBB817E1D721F45A6DAC997A4534AE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C0F9DB7EF3EFDD8D57F50CB09CC5B523ABA950B3E6BBDBB9EAB8B256A5C7D22C
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9206C41668A012C5997FFE0930B018BE44DF7D93F13B068751F2B1BAB941888A369819392E5F1CDA7213FCD01D1A0DE96C229F259DEECC4EB5A87050A501E496
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...@IXOS.@.....@.}.Y.@.....@.....@.....@.....@.....@......&.{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}..TightVNC#.tightvnc-2.8.59-gpl-setup-64bit.msi.@.....@;....@.....@......tvnserver.ico..&.{71AA2E6F-1CEA-4A9C-9880-4477A5035274}.....@.....@.....@.....@.......@.....@.....@.......@......TightVNC......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........AllowSas....J...AllowSas.@A.........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?...Q...Q...Q......Q.....Q......Q...P...Q.<...Q.....Q......Q......Q.......Q.Rich..Q.........................PE..d......_.........." .....&...........p.......................................P......y.....@....................................................d....0..........0............@.......C...............................................@...............................text...f%.......&.................. ..`.rdata..

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSICDA4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):158128
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.308283081099323
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:cdwZIkRi/1Aj8wqnIbDkjJwWhEWvLn6ow0v2Je+Bxw+WH:cd5+i/HwqI/k1FCWzWhXq
                                                                                                                                                                                                                                                                                                                                                                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSICF4A.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):130480
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.659038836767763
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:5pijcYqhuHrnnRvHamRQAQ48Xggi7Oc0RRi7Py/PpxEVsbdN:5piAYqhuLnn4mzQ48Xp3
                                                                                                                                                                                                                                                                                                                                                                      MD5:93394D2866590FB66759F5F0263453F2
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F0903D4B21A0231ADD1B4CD02E25C7C4974DA84
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5C29B8255ACE0CD94C066C528C8AD04F0F45EBA12FCF94DA7B9CA1B64AD4288B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F2033997B7622BD7CD6F30FCA676AB02ECF6C732BD44E43358E4857B2CF5B227A5AA6BBBF2828C69DD902CBCC6FF983306787A46104CA000187F0CBA3743C622
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v.....................}.......|.........................o............5~.....5~.....5~q..........5~.....Rich............................PE..L....p.]...........!.....2...........E.......P...............................@............@.........................0........................................ ..........T...............................@............P...............................text....0.......2.................. ..`.rdata.......P.......6..............@..@.data...4"..........................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSICFD8.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):130480
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.659038836767763
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:5pijcYqhuHrnnRvHamRQAQ48Xggi7Oc0RRi7Py/PpxEVsbdN:5piAYqhuLnn4mzQ48Xp3
                                                                                                                                                                                                                                                                                                                                                                      MD5:93394D2866590FB66759F5F0263453F2
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F0903D4B21A0231ADD1B4CD02E25C7C4974DA84
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5C29B8255ACE0CD94C066C528C8AD04F0F45EBA12FCF94DA7B9CA1B64AD4288B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F2033997B7622BD7CD6F30FCA676AB02ECF6C732BD44E43358E4857B2CF5B227A5AA6BBBF2828C69DD902CBCC6FF983306787A46104CA000187F0CBA3743C622
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v.....................}.......|.........................o............5~.....5~.....5~q..........5~.....Rich............................PE..L....p.]...........!.....2...........E.......P...............................@............@.........................0........................................ ..........T...............................@............P...............................text....0.......2.................. ..`.rdata.......P.......6..............@..@.data...4"..........................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSID008.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):158128
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.308283081099323
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:cdwZIkRi/1Aj8wqnIbDkjJwWhEWvLn6ow0v2Je+Bxw+WH:cd5+i/HwqI/k1FCWzWhXq
                                                                                                                                                                                                                                                                                                                                                                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSID1ED.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):130480
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.659038836767763
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:5pijcYqhuHrnnRvHamRQAQ48Xggi7Oc0RRi7Py/PpxEVsbdN:5piAYqhuLnn4mzQ48Xp3
                                                                                                                                                                                                                                                                                                                                                                      MD5:93394D2866590FB66759F5F0263453F2
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F0903D4B21A0231ADD1B4CD02E25C7C4974DA84
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5C29B8255ACE0CD94C066C528C8AD04F0F45EBA12FCF94DA7B9CA1B64AD4288B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F2033997B7622BD7CD6F30FCA676AB02ECF6C732BD44E43358E4857B2CF5B227A5AA6BBBF2828C69DD902CBCC6FF983306787A46104CA000187F0CBA3743C622
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v.....................}.......|.........................o............5~.....5~.....5~q..........5~.....Rich............................PE..L....p.]...........!.....2...........E.......P...............................@............@.........................0........................................ ..........T...............................@............P...............................text....0.......2.................. ..`.rdata.......P.......6..............@..@.data...4"..........................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSID440.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):158128
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.308283081099323
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:cdwZIkRi/1Aj8wqnIbDkjJwWhEWvLn6ow0v2Je+Bxw+WH:cd5+i/HwqI/k1FCWzWhXq
                                                                                                                                                                                                                                                                                                                                                                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\MSID5F7.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):130224
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.043539953109407
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:U5ysv8Vn90O6L4QE7Hdf8hr1dC9DjJ5+/nlw9:UgAuna4n7H18hncBMng
                                                                                                                                                                                                                                                                                                                                                                      MD5:7E753B064A0B3408726AA232FEB7CF8A
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C76C3DC5AE1C05FDB34AE963646A904B60AA5759
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4CF2358692062CDD2920D5D1C6EBDB7F9B81B1D2E5C6FBA24F1BC4027688185F
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9A12F495D4555E6B4EF9AB6173258CCAF73E718D29D4DB134AEB551224016C7C1916261E3301280930F20601FEDE648CB796608E24D4690DEC5FB90CD2D8CEDE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?...Q...Q...Q......Q.....Q......Q...P...Q.<...Q.....Q......Q......Q.......Q.Rich..Q.........................PE..d......_.........." .....&...........p.......................................P......y.....@....................................................d....0..........0............@.......C...............................................@...............................text...f%.......&.................. ..`.rdata...t...@...v...*..............@..@.data....B......."..................@....pdata..0...........................@..@.rsrc........0......................@..@.reloc.."....@......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\SourceHash{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.7748592217216952
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:JSbX72FjHAGiLIlHVRpg5h/7777777777777777777777777vDHF3VhlkNzll0i5:J5QI5GlGGF
                                                                                                                                                                                                                                                                                                                                                                      MD5:1BDBC7CE66A565CADD536B3BB1BB37B3
                                                                                                                                                                                                                                                                                                                                                                      SHA1:73287A5A70CFB8CE3B2B23343F64D0F01C1D933A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4A851C95DFC9A07ED47D1BA006861C7A4BF4259B5A6E1E0125A03A4678D1C503
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C056BC38C0663A9E8874C694E9DFDAC7BF15AECDF2F0BFFBE0A4A2589DC0B3A0665B42E20C920A14DAE1A826554109C65DE4DD38DC11B5140FF91E2B1D33582D
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3107342900903338
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ld2+YuYNveFXJDT50wjIJwdfj7SoXdc/LPjbP3Rs6g7MgfJDTDStXdcZTa:LPYCbTO7c30XZs6gwgfJz
                                                                                                                                                                                                                                                                                                                                                                      MD5:19130479D93A6443C7FF2E36E76C34FE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C739005C548149C3E6277D7B03AF70A42ACE0E6A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1C11A7DC3D7C7E4BFA974B205F4BE0E3A57BBB75D30475825BC53E37EA152E77
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3C6F853847607A38D458957F4F8384FABBF733D72BA9877909C5B2841E07392AC06905163263A1941376153C563D34F4A7721E3F80B1A7B539153594F978FD59
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\tvnserver.ico

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1078
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.8152062168655703
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:hEipnL+Lme1AntlT4V68/REBCb8GSnvlrCl4MlTt+N8+LZNip85XdF:hEixS6t7aEoQnvdCl4MXtSZNimJr
                                                                                                                                                                                                                                                                                                                                                                      MD5:9A6D7603DA0C1B5468340619E82CBB39
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1623A0C22AE12A486405900C657AFD7871BF88AC
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8BAE0DCAC1E2E7C8EAADD7FDFA21BA1727D7DD81E2D43A9A7522E853FA6508D0
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6BA9DB038B3ABB5279CC09F37ECEA15B2B0057119EBB4C47FABFA84DDF382043F104BD470973A56AB2A2C0F7810740D7B5DBF1C1CB87D83C7CDD4CE0948D2BFF
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...... ..........&...........(.......(... ...@.........................................................................................................................................................."""" ..........""""" ..........""""" ..........""""" ..........""""" ......p...."""" .....................................................................p..................................................................................q.................p........................................p.......................................p...............p..............................p...............x.....................................................................................................................................................................................(....... ..................................................................................................................p.." ......" .....................................................p...p...........p.........p..

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Installer\{E06C7944-CE02-4FFB-87EF-0E9D278C6EBC}\viewer.ico

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1078
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.019341271440297
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:hEipnL+io3Uus8iQYsPOlIBp/SLGLNxbg5AY9LgFGL+LZNipP/KdRP/6Gd8J:hEixGSIOa7MAAmaSZNitKdN/6Gd+
                                                                                                                                                                                                                                                                                                                                                                      MD5:BBD91E537D2FDF269DE8F659E587753F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9409E24BA2F4038F367087F257208C3C6475BE49
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E63F94D03ED767BF58CF6553D63AAC3AC3950D6D0D4EF9210D64199366359C6D
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F5F797EB8E3E60C6F7E7BAD8A5127E8F39151DF2B4C2CE916EE0192568145D1528A7A1150042C9EA07495023ADBDFEF66F566D1BF9B825FD757F560A1DBC2F09
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...... ..........&...........(.......(... ...@...................................................................................................................................................w.......................................................................................x........................p.....p..w..........p.p......p.......................pp..w.......................px.........................................www..ww..................ww..............................D@................................p...............p...........................D@..............................ww....................................................................................................................................................................................(....... ................................................................................................................................p..................................................p..........p............p.....

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):454234
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.356177356816747
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauY:zTtbmkExhMJCIpEG90D5JG81IIgM1
                                                                                                                                                                                                                                                                                                                                                                      MD5:EBE15D3C4E28C35E88FA780BB4FA025B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:0A9558AD1BE5F36E2D88092E0441A58A1DAC9F6E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:642811E8B51E0C3E1F91B2D277658D66120718EECB2D68C947B12D5E569ED1DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B5B7823DCC00183AEA1A04245137D3E22F8A8F93A9AA9FC3EBB968E245820C7491C5A1585838A7D0F8F0E32546185C2ED1B3C6FAAF027E11BC9BCA63B5F049EE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4926
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2452908508366507
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:FaqdF78F7B+AAHdKoqKFxcxkFiF7KaqdF7b+AAHdKoqKFxcxkFL:cEOB+AAsoJjykePEb+AAsoJjykh
                                                                                                                                                                                                                                                                                                                                                                      MD5:C29B2015CF0CB38E03C6B41F5AE2563B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:14E2DBF49DD04CA32953818B45ED4FE261219962
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8506AB764F7F5F69947E2538C0DA3DBB321623AAFEB1A3C3B6BC417FF4694D73
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7E8E173C388CDB935D33F9D8099292F999465BCA8C3A0EA18FCEBACDE14B924614A9A37B37055873EB61EB5AA6AA60129F130D6C0E16D96270D80F52B920A202
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DF460F331502327A71.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3107342900903338
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ld2+YuYNveFXJDT50wjIJwdfj7SoXdc/LPjbP3Rs6g7MgfJDTDStXdcZTa:LPYCbTO7c30XZs6gwgfJz
                                                                                                                                                                                                                                                                                                                                                                      MD5:19130479D93A6443C7FF2E36E76C34FE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C739005C548149C3E6277D7B03AF70A42ACE0E6A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1C11A7DC3D7C7E4BFA974B205F4BE0E3A57BBB75D30475825BC53E37EA152E77
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3C6F853847607A38D458957F4F8384FABBF733D72BA9877909C5B2841E07392AC06905163263A1941376153C563D34F4A7721E3F80B1A7B539153594F978FD59
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DF657A3C7A72A9113B.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.15102942422912072
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:KATtStXdcKSoXdc/LPjbP3Rs6g7MgfJDTKz6xwqIX:LS0XZs6gwgfJd+
                                                                                                                                                                                                                                                                                                                                                                      MD5:2FDDA4C707518B8F7517A75A1CF00064
                                                                                                                                                                                                                                                                                                                                                                      SHA1:274A91C5D35D9AE9B05C7497C907D7CAAAEA5CF0
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C6B291BE3FDAB1B2D94F384B29AD4383A0E173C6B2F86344E3DBEEA28299E4EE
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:ECC00234E58C2D86FE0E5077CA520D2A57561BC346DAE72B66D39CAF0F03F125E43E3B5A0DC50799D238DE9CEB1EE3203EF0E9B888302778B24EE8492A77B139
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DF8BAB458F4866F468.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08048930372539312
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO3l9PdVsGl5PJV0XNtKVky6l31:2F0i8n0itFzDHF3VhlkNzl
                                                                                                                                                                                                                                                                                                                                                                      MD5:0CE6A41CCACAA3833DC2BB6807A43A33
                                                                                                                                                                                                                                                                                                                                                                      SHA1:7F247A28B81F5E5B186FB3D7B60CB853E096A287
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7FD254E4F4D914AB1E251141CE494C3A7D2D3EE361A19A7DFD80D7875EFCF1DD
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9519BA855870B91C4F30C0AF07F56EA7EE22AF671F5E15B87E3ABDE7F9CABBB1ADD721D35A10F68711324EFAC4FC277BE2DA2494E9BA49A3D2776E2BA15D8D25
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DF9918DB755679C2BC.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DFBA5847649EB35F84.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3107342900903338
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ld2+YuYNveFXJDT50wjIJwdfj7SoXdc/LPjbP3Rs6g7MgfJDTDStXdcZTa:LPYCbTO7c30XZs6gwgfJz
                                                                                                                                                                                                                                                                                                                                                                      MD5:19130479D93A6443C7FF2E36E76C34FE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C739005C548149C3E6277D7B03AF70A42ACE0E6A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1C11A7DC3D7C7E4BFA974B205F4BE0E3A57BBB75D30475825BC53E37EA152E77
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3C6F853847607A38D458957F4F8384FABBF733D72BA9877909C5B2841E07392AC06905163263A1941376153C563D34F4A7721E3F80B1A7B539153594F978FD59
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DFBE94D8D9FA921CD2.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DFC7B8E58E132D6B61.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\Temp\~DFCBA01EF0E72AB8B0.TMP

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3107342900903338
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ld2+YuYNveFXJDT50wjIJwdfj7SoXdc/LPjbP3Rs6g7MgfJDTDStXdcZTa:LPYCbTO7c30XZs6gwgfJz
                                                                                                                                                                                                                                                                                                                                                                      MD5:19130479D93A6443C7FF2E36E76C34FE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C739005C548149C3E6277D7B03AF70A42ACE0E6A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1C11A7DC3D7C7E4BFA974B205F4BE0E3A57BBB75D30475825BC53E37EA152E77
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3C6F853847607A38D458957F4F8384FABBF733D72BA9877909C5B2841E07392AC06905163263A1941376153C563D34F4A7721E3F80B1A7B539153594F978FD59
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 139

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2741)
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2746
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.8856379209050464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:bdAHDGpVlKlgZ01kFmWRhnoNpCYznDYDuuL3/0VYq0RwlE/9kSRWrA6nuSEqmffr:bqipVMliVRpPQYiuL3cV5La9J6gffff7
                                                                                                                                                                                                                                                                                                                                                                      MD5:813DC8056F4059AB86F34017BCF45F6F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:A15FFA51E2BCCD170AB057C85BB10A1AFAE0FEF2
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:673EE0FF8F8F9702CC5F50610518A6E77CDDB17CAA07986E6493B5D5447FC242
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F85D0815A7C473E7C6B91289FF953E6B4B836BA1F84C97E7F806460DDB40AFA604B262D986480958D74ED73EE53364D6494265CEBC1F1D21532487B4E3EAC9F2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                                                                      Preview:)]}'.["",["nyt mini crossword clues","vanuatu earthquakes","wells fargo 2024 settlement details","fantasy football rankings week 16","nyt strands hints december 17","tornado warning userfornia scotts valley","rocket launch spacex falcon 9","texas a\u0026m football"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wMjZsZzY4Eg1Gb290YmFsbCB0ZWFtMuYJZGF0YTppbWFnZS9wbmc7YmFzZTY0LGlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFFQUFBQUExQ0FNQUFBREdXQjJlQUFBQWgxQk1WRVgvLy85UUFBQk5BQUJPQUFCUEFBQklBQUJWQUFENTkvZWhoSVJMQUFCakppYkh0N2M3QUFCRkFBQ2FlM3Q4V0ZqdzZlbkNyYTAvQUFCbUpDVG0zZDIyblozTndNQ0RYVjMwOFBCM1JFUnhPenVVY25LQ1YxZC9VbEttaW9yaTE5Zlp5OHRaSGg1ZUd4dGFEdyt3bEpTTmFXa3BBQUJwTURCMVNVbHFPenRjSmlZMUFBQlVFQkJFczRPU0FBQUN6MGxFUVZSSWliMlcyWGFiTUJDR3RZSmxXeTVSdllBcEJqdlFPSW5mLy9tcTBj

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 140

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):117446
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                                                                                                                      MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                                                                                                                      SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                                                                                                                      Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 141

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 142

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):132733
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.436896044378184
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:fxkJQ7O4N5dTm+syHEt4W3XdQ4Q6duSr/nUW2i6o:fYQ7HTt/sHdQ4Q6dDfUW8o
                                                                                                                                                                                                                                                                                                                                                                      MD5:917CC6CC15BA149048A29A18A39A976C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5BA94E0FECFA9E5CB51FABD74AFE6359D277D54A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:385B8BE96CD9A1863CF62951A87A513210B6B38260F68A686C8647B45534294B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C8C07E72A30C17C1649F056477B26F39492C8651F44A8CC4287AE3992FBC636C9E1B031A7A1BA4550590009EFCDC2120C060D9F9F4749E087307760AF2CDC29B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 143

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):175897
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                                                                                                                                      MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                                                                                                                                      SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                                                                                                                                      Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi||(_.Yi=new Zi)).set(a,b);(_.$i||(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a|1};_.hj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.ij=function(a,b,c){32&b&&c||(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 144

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5162
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                                                                                                      MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                                                                                                      Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 145

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                                                                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                                                                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: TightVNC, Author: GlavSoft LLC., Keywords: Installer, Comments: This installer database contains the logic and data required to install TightVNC., Template: x64;1033, Revision Number: {71AA2E6F-1CEA-4A9C-9880-4477A5035274}, Create Time/Date: Thu Dec 17 05:34:40 2020, Last Saved Time/Date: Thu Dec 17 05:34:40 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.586256482384673
                                                                                                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                                                                                                      • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                                                                                      • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                                                                                      File name:tightvnc-2.8.59-gpl-setup-64bit.msi
                                                                                                                                                                                                                                                                                                                                                                      File size:2'486'272 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5:a85259eec8742fdd4acffcdac54cd930
                                                                                                                                                                                                                                                                                                                                                                      SHA1:696204de2e5688356bc01bae037c3b955432acdd
                                                                                                                                                                                                                                                                                                                                                                      SHA256:7e80a38c47a1457a35567f30a7ea515248ca391ae3d9deec48b31868af7315b0
                                                                                                                                                                                                                                                                                                                                                                      SHA512:1b2fd5b8e723c69250d6dfe2c24bbaa80b1a8d050c4d8ca24a2e92cc7f5d284bbac711e452f727c2ce12293ccbf7a4e005f3795015626d4a20f20c49f977a6b6
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:6Q7YOkxamz4LabHn9As2cF6IDozUB8FUnUI4gFkdqXGrPj:pMfx1zlbH9As2Q6IsUmbldd6
                                                                                                                                                                                                                                                                                                                                                                      TLSH:A2B5F1277E914076D5BA0E3588778B219B79BC201B20879F5354721DDEF32D06E3ABE2
                                                                                                                                                                                                                                                                                                                                                                      File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                                                                                                                                      Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:12.657546043 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:12.969682932 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:13.578979015 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:14.783907890 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:17.072684050 CET4968980192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:17.193780899 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:20.817106009 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:21.120771885 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:21.723737955 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:22.008816957 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:22.934847116 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:25.295000076 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:25.342735052 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:25.597723007 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.204732895 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336052895 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336119890 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336199045 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336277008 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336307049 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336355925 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336699963 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336725950 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336777925 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.336796045 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.603164911 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.603216887 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.603296041 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.603616953 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.603630066 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.635890007 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.635902882 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.636042118 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.636264086 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.636274099 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:27.415731907 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.041687965 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.042104959 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.042174101 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.043693066 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.043771029 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.044779062 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.044868946 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.044980049 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.045001984 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.045989037 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.046235085 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.046258926 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.047926903 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.048002005 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.048810959 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.048899889 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.048949957 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.086839914 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.095339060 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.102689028 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.102703094 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.150710106 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.298307896 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.298654079 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.298682928 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.300126076 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.300185919 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.300802946 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.300884962 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.300956011 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.330127001 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.330578089 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.330591917 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.332072020 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.332124949 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.339513063 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.339843988 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.341733932 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.341741085 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.388854027 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.388854980 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.388869047 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.436743975 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.876625061 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.876689911 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.876764059 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.876801968 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.878952980 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.879045963 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.879201889 CET49723443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.879220009 CET44349723172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918468952 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918643951 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918751001 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918814898 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918828964 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918963909 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.918972969 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.929918051 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.929991961 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.930011034 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.935776949 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.937437057 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.937446117 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.952255964 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.952327967 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.952342987 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.006707907 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.037818909 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.086703062 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.086719036 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.110013008 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.110078096 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.110091925 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.120457888 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.120515108 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.120522976 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.129968882 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.130023956 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.130032063 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.141180992 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.141381979 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.141783953 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.142990112 CET49727443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.143007994 CET44349727172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.143583059 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.143964052 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.143974066 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.157358885 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.157428026 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.157438993 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.170277119 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.170378923 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.170388937 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.183906078 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.184056997 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.184065104 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.198592901 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.198772907 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.198781967 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.212882996 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.212939024 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.212945938 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.224961996 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.225020885 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.225025892 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.235481977 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.235536098 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.235541105 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.249231100 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.249394894 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.249403000 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.292716026 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.294878006 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.302134991 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.302201033 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.302208900 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.316679955 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.316749096 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.316756010 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.330151081 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.330205917 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.330213070 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.342812061 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.342878103 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.342885971 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.352781057 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.352838993 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.352848053 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.364743948 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.364808083 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.364814997 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.376225948 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.376286030 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.376296043 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.388129950 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.388195992 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.388202906 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.404474020 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.404545069 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.404551983 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.414022923 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.414092064 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.414103031 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.425096035 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.425164938 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.425173044 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.434591055 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.434658051 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.434665918 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.442599058 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.442676067 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.442682981 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.453624010 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.453695059 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.453701973 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.463149071 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.463222980 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.463228941 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.471561909 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.471623898 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.471631050 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.480854988 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.480916023 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.480922937 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.490221977 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.490272999 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.490279913 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.499530077 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.499592066 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.499598980 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.505249023 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.505319118 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.505326033 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.510996103 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.511056900 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.511064053 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.527139902 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.527264118 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.527267933 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.527296066 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.527415991 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.529089928 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.532588959 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.532695055 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.532702923 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.537077904 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.537139893 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.537147045 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.542382002 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.542443037 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.542448997 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.548243999 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.548305035 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.548316002 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.554685116 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.554744005 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.554759026 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.556652069 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.556718111 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.556724072 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.561625957 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.561707020 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.561707973 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.561736107 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.561777115 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.562005043 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.562074900 CET44349724172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.562199116 CET49724443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.818753958 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:30.154701948 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:31.620713949 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.678002119 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.678056955 CET4434973635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.678220034 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.684386015 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.684401035 CET4434973635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.069931030 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.069943905 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.082952023 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.083389044 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.083405972 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.902858973 CET4434973635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.902985096 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.983000994 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.983059883 CET4434973635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.983131886 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.983293056 CET4434973635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.986246109 CET49736443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.382519960 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.382570028 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.382683039 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.383017063 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.383030891 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.621731043 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.763726950 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.788652897 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.789155960 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.789189100 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.790286064 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.790309906 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.790349960 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.791507006 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.791584969 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.791692972 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.836711884 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.836745024 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.883306026 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.883402109 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.883606911 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.883692026 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.008503914 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.283418894 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.283478022 CET4434974134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.284418106 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.285959959 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.285978079 CET4434974134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.310837030 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.310863018 CET4434974234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.311125040 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313045025 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313062906 CET4434974234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313587904 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313596010 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313699007 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313852072 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.313863039 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473248959 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473303080 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473341942 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473372936 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473417997 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473472118 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.473504066 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.486689091 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.486733913 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.486838102 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.486865044 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.486917019 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.492837906 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.505394936 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.505604029 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.505619049 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.558706999 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.593044996 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.636708021 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.636735916 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.668793917 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.669202089 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.669228077 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.674716949 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.674768925 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.674777031 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.686340094 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.686495066 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.686503887 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.699265957 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.699719906 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.699729919 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.713006020 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.713068008 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.713092089 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.726082087 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.726135969 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.726142883 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.736664057 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.736737967 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.736747980 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.749813080 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.749869108 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.749880075 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.765917063 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.768034935 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.768054008 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.775249958 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.775434971 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.775444031 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.788352013 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.788495064 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.788501978 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.801192045 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.802584887 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.802592039 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.850698948 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.850713015 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.860076904 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.860172033 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.860194921 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.863082886 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.866744995 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.866754055 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.870559931 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.870623112 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.881534100 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.881694078 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.881762028 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.881772995 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.894476891 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.896492958 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.896886110 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.896897078 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.907865047 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.907922029 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.907927036 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.918827057 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.918889046 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.918904066 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.930227041 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.930284977 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.930299044 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.940869093 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.940941095 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.941065073 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.941261053 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.941274881 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.941867113 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.944396019 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.944408894 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.953540087 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.953607082 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.953614950 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.964217901 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.964277983 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.964284897 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.974760056 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.974955082 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.975729942 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.975734949 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.984944105 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.986166000 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.986175060 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.994947910 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.997417927 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.997425079 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.004534006 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.004897118 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.004903078 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.013545036 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.019711018 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.019718885 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.020881891 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.025055885 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.025067091 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.025181055 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.030137062 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.031603098 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.031613111 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.038300991 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.046524048 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.046566010 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047034025 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047070980 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.055030107 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.062450886 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.062465906 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.063690901 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.064532042 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.064539909 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.072660923 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.074387074 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.074425936 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075026989 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075066090 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075074911 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075263023 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075275898 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.075839043 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.076267958 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.077155113 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.078670979 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.078679085 CET44349738142.250.181.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.079724073 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.079737902 CET49738443192.168.2.16142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.079833031 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.079840899 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.090831995 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.090933084 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.093151093 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.093167067 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.093175888 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.140711069 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.140722036 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.186748981 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.513319016 CET4434974134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.513394117 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.518624067 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.518637896 CET4434974134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.518695116 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.518802881 CET4434974134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.518850088 CET49741443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.534315109 CET4434974234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.534560919 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.536468983 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.536639929 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.539504051 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.539521933 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.539968967 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543337107 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543346882 CET4434974234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543374062 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543479919 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543539047 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543560028 CET4434974234.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543612003 CET49742443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543673038 CET4434974335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.543742895 CET49743443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.809361935 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.812978983 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.813457966 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.814337969 CET49739443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.814354897 CET44349739172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.091321945 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.169116020 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.171734095 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.211776018 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.211936951 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.688879013 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.688913107 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.689363956 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.690534115 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.690558910 CET4434974634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.690632105 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.692543030 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.692559958 CET4434974634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.694283962 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.694365025 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.694494963 CET4434974534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.694565058 CET49745443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.842134953 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.842238903 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.942437887 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.942480087 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.942662954 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.944036961 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.944073915 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.961802006 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.961822987 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.961893082 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.961930037 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.962013960 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.962120056 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.031816006 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.031969070 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.032023907 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.081549883 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.081641912 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.465665102 CET49728443192.168.2.16172.217.19.228
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.465723991 CET44349728172.217.19.228192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.919250965 CET4434974634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.919332981 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.924817085 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.924823999 CET4434974634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.924941063 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.925028086 CET4434974634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.925127029 CET49746443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.925343990 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.925390005 CET4434975034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.925460100 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.926707983 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.926724911 CET4434975034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.047972918 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.048938036 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.097704887 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.097961903 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.164361000 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.164459944 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.169400930 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.169418097 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.169492006 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.169600010 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.169836044 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.241441011 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.241488934 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.241693020 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.241884947 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.241899014 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.262762070 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.294331074 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.354064941 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.354104042 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.354568958 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.354809046 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.354820967 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.382713079 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.414171934 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.577868938 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.595742941 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.595765114 CET4434975434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.597212076 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.598588943 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.598602057 CET4434975434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.608711004 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.611788988 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.659735918 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.731604099 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.767693043 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.926814079 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.971678972 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.147819996 CET4434975034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.147902012 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.212655067 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.212688923 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.213027954 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.213067055 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.213181973 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.213217020 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215437889 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215455055 CET4434975034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215512037 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215646029 CET4434975034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215826035 CET49750443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215843916 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215852976 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.215866089 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.217119932 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.217133999 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.217305899 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.217334032 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.218607903 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.218630075 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.230607986 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.236553907 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.236563921 CET4434975834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.236681938 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.238064051 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.238075018 CET4434975834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.350104094 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.544800997 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.568531036 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.568628073 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.591747046 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.652745962 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.652761936 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.653129101 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682377100 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682493925 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682579041 CET4434975234.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682636023 CET49752443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682915926 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.682951927 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.683023930 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.683183908 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.683201075 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.817224979 CET4434975434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.825774908 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.938487053 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.946433067 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.946480036 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947033882 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947596073 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947760105 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947771072 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947772026 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.947899103 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.992727995 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.094115019 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.094136000 CET4434975434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.094202042 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.094713926 CET4434975434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.094777107 CET49754443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.430747032 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.430845022 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.432224989 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.432303905 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.433516026 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.433578014 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.433648109 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.433660030 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.433988094 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441426992 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441637993 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441647053 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441656113 CET4434975635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441703081 CET49756443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441808939 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441808939 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441822052 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.441996098 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.442094088 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.442749023 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.442760944 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.442837000 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.442946911 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.446365118 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.450419903 CET4434975834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.450506926 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.455236912 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.455240965 CET4434975834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.455305099 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.455393076 CET4434975834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.455435038 CET49758443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.722096920 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.722435951 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.722498894 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.723259926 CET49751443192.168.2.16172.217.19.206
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.723274946 CET44349751172.217.19.206192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.914983988 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.915172100 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.918431997 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.918447018 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.918684959 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.921078920 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.921224117 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.921242952 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.921256065 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:41.921294928 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:44.226697922 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:47.354465008 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:47.354548931 CET4434976034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:47.354645967 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:47.355961084 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:47.355988026 CET4434976034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:48.567421913 CET4434976034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:48.567614079 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.432154894 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.435636997 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.435667992 CET4434976034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.435710907 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.436012030 CET4434976034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.436371088 CET49760443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.551861048 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.747154951 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.793684006 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.168126106 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.293575048 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.314064026 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.314104080 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.314186096 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.315464973 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.315479040 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.445759058 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.445857048 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.445887089 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.445935965 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.445971966 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446022034 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446058035 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446156979 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446191072 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446418047 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.446511030 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450654984 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450726986 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450726986 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450727940 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450738907 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450836897 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450851917 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450894117 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.450911999 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.467741966 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.467782021 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.467871904 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.467957973 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.467968941 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.489556074 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.531714916 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.487663984 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.528166056 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.528266907 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.533602953 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.533628941 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.533704996 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.533854008 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.533914089 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.607362986 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.659068108 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.659173012 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.663017988 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.663053036 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.663464069 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.664063931 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.664200068 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.664283991 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.664419889 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.666593075 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.666613102 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.666970015 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.668862104 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.668881893 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.669235945 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.669682980 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.669796944 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.673465014 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.673497915 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.673882008 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.676251888 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.676515102 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.676531076 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.676549911 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.678911924 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.678946018 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679068089 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679131985 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679162979 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679367065 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679388046 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.679450989 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681117058 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681499004 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681508064 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681581020 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681910992 CET4434976534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.681992054 CET49765443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.685312986 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.685327053 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.685822964 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.688930035 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.689009905 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.689176083 CET4434976634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.689254999 CET49766443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.802453041 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.847692013 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.883363962 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.883449078 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.551604986 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.553122044 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.553186893 CET4434976734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.553261042 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.554686069 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.554713964 CET4434976734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.555965900 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.556013107 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.556698084 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.556797028 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.556811094 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.671277046 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.713316917 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.713363886 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.713478088 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.713577986 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.713587999 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.867970943 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.920655966 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.637917042 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.760562897 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.785096884 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.785248041 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.785404921 CET4434976734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.785475016 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.923464060 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.924308062 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.965188026 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.010684013 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.387090921 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.387111902 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.387576103 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.391556978 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.391580105 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.392036915 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.429683924 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:55.444686890 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.135452032 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.135921001 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136043072 CET4434976834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136075974 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136117935 CET4434976734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136142969 CET49768443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136152029 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136249065 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136316061 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136363029 CET4434976734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136420965 CET49767443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136466980 CET4434976934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:56.136519909 CET49769443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.233937979 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.237034082 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.237086058 CET4434977034.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.237162113 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.238621950 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.238651991 CET4434977034.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.353718042 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.549257994 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.592713118 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.450824976 CET4434977034.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.456968069 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.472033978 CET4969980192.168.2.162.22.50.131
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.472115040 CET4970180192.168.2.162.22.50.131
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.599281073 CET80496992.22.50.131192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.599797010 CET80497012.22.50.131192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.603401899 CET4969980192.168.2.162.22.50.131
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:58.603466988 CET4970180192.168.2.162.22.50.131
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:59.864315987 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:59.864351988 CET4434977034.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:59.864423990 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:59.864669085 CET4434977034.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:59.864725113 CET49770443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.360950947 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.365706921 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.482147932 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.487152100 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.676991940 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.681124926 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.684199095 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.736670017 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.803925037 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.000041008 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.043658972 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.820873022 CET4969780192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.820960999 CET4970580192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821011066 CET4969580192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821070910 CET4970080192.168.2.16152.199.19.74
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821100950 CET4969880192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821142912 CET4970380192.168.2.16152.199.19.74
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821171999 CET4970280192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821208000 CET4969680192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821239948 CET4969280192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821284056 CET4969480192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.821325064 CET4969380192.168.2.16199.232.214.172
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.941227913 CET8049697104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.941293955 CET4969780192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943325996 CET8049705192.229.221.95192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943356991 CET8049695104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943384886 CET4970580192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943396091 CET8049700152.199.19.74192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943420887 CET4969580192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943455935 CET4970080192.168.2.16152.199.19.74
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943473101 CET8049698104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943523884 CET4969880192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943547964 CET8049703152.199.19.74192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943598986 CET4970380192.168.2.16152.199.19.74
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943763971 CET8049702192.229.221.95192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943790913 CET8049696104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943803072 CET8049692104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943814039 CET4970280192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943840981 CET8049694104.18.38.233192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943851948 CET4969680192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943856001 CET8049693199.232.214.172192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943871975 CET4969280192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943919897 CET4969480192.168.2.16104.18.38.233
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.943933964 CET4969380192.168.2.16199.232.214.172
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485527039 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485630035 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485749006 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485878944 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485898018 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310419083 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310451031 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310892105 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310942888 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310950041 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.540853977 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.540903091 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.540987015 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.541168928 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.541181087 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.723334074 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.723422050 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.726080894 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.726104975 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.726361036 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.731384993 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.731476068 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.731573105 CET4434977235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.731920958 CET49772443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:05.527600050 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:05.527684927 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:05.758097887 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:05.764812946 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.498264074 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.498291016 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.498663902 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.501302004 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.501337051 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.501672983 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505357981 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505492926 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505515099 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505609989 CET4434977334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505698919 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505709887 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505727053 CET44349774151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.505866051 CET49774443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:07.506222010 CET49773443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.963514090 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.963619947 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.963682890 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.963740110 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.964134932 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.964354038 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.964365005 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:08.964396954 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.315757036 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.315784931 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.333102942 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.333756924 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.333800077 CET4434977735.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.334440947 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.335947037 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.335967064 CET4434977735.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.452900887 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.647797108 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.682483912 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.682528973 CET4434977835.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.682888985 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.684367895 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.684381962 CET4434977835.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.701663017 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.176506042 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.181767941 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.184910059 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.184938908 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.185301065 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.190037012 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.190114975 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.190294027 CET44349775151.101.193.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.190357924 CET49775443192.168.2.16151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.526990891 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.527093887 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.530056953 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.530067921 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.530313015 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.533173084 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.533260107 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.533332109 CET4434977634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.533381939 CET49776443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.551271915 CET4434977735.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.551350117 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.556735992 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.556751013 CET4434977735.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.556823015 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.556901932 CET4434977735.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.556974888 CET49777443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.929825068 CET4434977835.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.929904938 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.934437037 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.934453964 CET4434977835.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.934519053 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.934608936 CET4434977835.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.934658051 CET49778443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.012749910 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.013659000 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.015825987 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.132533073 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.133245945 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.135380983 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152744055 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152834892 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152848005 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152879000 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152960062 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.152992010 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155375004 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155510902 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155514002 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155518055 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155554056 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155622959 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155636072 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155682087 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.155699015 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.323162079 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.323199034 CET4434978234.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.323303938 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.324764967 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.324785948 CET4434978234.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.327630997 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.330169916 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.369661093 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.384670019 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.365051985 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.365158081 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.367896080 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.367925882 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.368247986 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.368618965 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.368690014 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.368791103 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.368854046 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.371150017 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.371160984 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.371401072 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.373342991 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.373354912 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.373605967 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.377131939 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.377348900 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.377393961 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.377393961 CET49779443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.377418041 CET4434977935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378699064 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378748894 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378849983 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378866911 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378896952 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.378906012 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.379009008 CET4434978035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.379050970 CET49780443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.538404942 CET4434978234.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.538499117 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.543529034 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.543581009 CET4434978234.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.543617964 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.543730021 CET4434978234.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:12.543906927 CET49782443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967154980 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967253923 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967340946 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967411995 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967650890 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967689991 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.087040901 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.165966988 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.282242060 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.287522078 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.336652994 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.482081890 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.524633884 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.722011089 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.842286110 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.037359953 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.084656954 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.193846941 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.193938971 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.197197914 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.197222948 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.197489977 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200078964 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200220108 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200238943 CET4434978334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200339079 CET49783443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200675011 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200725079 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200805902 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200916052 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.200927973 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.422466040 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.422544956 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.425782919 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.425796032 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.426057100 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.428766966 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.428863049 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.428914070 CET4434978534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.428963900 CET49785443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.432063103 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.551681995 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.746579885 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.749706030 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.792665958 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.869252920 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:18.064946890 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:18.118648052 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:27.758009911 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:27.877628088 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.072902918 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.192449093 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.245811939 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.365761995 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.562082052 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.565397024 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.607637882 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.684842110 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.880162001 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.923662901 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073319912 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073358059 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073472977 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073514938 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073594093 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073601961 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073669910 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073766947 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073781013 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073781013 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073834896 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074008942 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074007988 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074013948 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074032068 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074085951 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074105978 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074145079 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074173927 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074178934 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074256897 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074269056 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074352026 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074377060 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074425936 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074433088 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074763060 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074773073 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074882030 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.074913979 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.127558947 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.127584934 CET4434979434.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.127680063 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.129211903 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.129225016 CET4434979434.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.286340952 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.286458015 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.286557913 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.286623001 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.288357019 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.288428068 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.289772987 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.289803028 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.290091991 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.292124033 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.292143106 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.292424917 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294043064 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294126987 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294138908 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294198036 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294277906 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294338942 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.294603109 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.296118975 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.296221018 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.296935081 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.296943903 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.297856092 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.299253941 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.299274921 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.299617052 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.302582026 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.302615881 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.303031921 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.307883024 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.308080912 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.308284998 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.308794975 CET49791443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.308832884 CET4434979134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.308888912 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309078932 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309122086 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309492111 CET49790443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309510946 CET4434979034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309617996 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.309787989 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310151100 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310164928 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310183048 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310333014 CET49789443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310348034 CET4434978934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310417891 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310558081 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310612917 CET4434978834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310617924 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310844898 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310858011 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.310868025 CET49788443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.311624050 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.311652899 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.311877966 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312141895 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312175035 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312330008 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312483072 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312500000 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312608004 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.312618017 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.313527107 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.313606977 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.313913107 CET4434979234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.313982964 CET49792443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.315232992 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.346195936 CET4434979434.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.346271038 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.351054907 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.351059914 CET4434979434.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.351126909 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.351294041 CET4434979434.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.351356983 CET49794443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.437974930 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.632707119 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.635524035 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.675648928 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.757191896 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.952795029 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.006603003 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.532443047 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.532680035 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.535876036 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.535892963 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.536173105 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.537693977 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.537791967 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.539905071 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.539915085 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.540396929 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.540839911 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.540966034 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.541013956 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.541069031 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.543673992 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.543792963 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.543885946 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.543967009 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.544902086 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.664436102 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.859420061 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.861973047 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.899682045 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.981605053 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:38.178934097 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:38.228665113 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:47.861592054 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:47.981626987 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:48.190649033 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:48.310334921 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.505821943 CET49710443192.168.2.1620.190.177.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.520960093 CET4971180192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.626595020 CET4434971020.190.177.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.626672983 CET49710443192.168.2.1620.190.177.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.641115904 CET8049711192.229.221.95192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:53.641380072 CET4971180192.168.2.16192.229.221.95
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:57.985702038 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.106379032 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.316638947 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.528805971 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.707731009 CET49712443192.168.2.1620.190.177.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.829042912 CET4434971220.190.177.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.829149008 CET49712443192.168.2.1620.190.177.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.114799976 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.238935947 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.535208941 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.657928944 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.240598917 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.364748955 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.667149067 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.786830902 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.589097977 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.589190960 CET4434979834.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.589348078 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.592015982 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.592051029 CET4434979834.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.809710979 CET4434979834.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.809843063 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.817296028 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.817342043 CET4434979834.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.817449093 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.817645073 CET4434979834.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.817806005 CET49798443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.821893930 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.941797018 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.136693954 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.143816948 CET4974780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.193593025 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.263540030 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.459278107 CET804974734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.508573055 CET4974780192.168.2.1634.107.221.82

                                                                                                                                                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:25.873622894 CET53575671.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:25.887814045 CET53541771.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.192483902 CET5641753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.192867041 CET5008553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.333266020 CET53564171.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.333594084 CET53500851.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:28.881136894 CET53654491.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:29.787843943 CET53532531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.678224087 CET5048153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.816152096 CET53504811.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.817552090 CET5813553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.923192978 CET6407653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.923192978 CET6157353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.057904005 CET53617091.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.062345028 CET53640761.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.065047979 CET53615731.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.143551111 CET53581351.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.236546993 CET5978553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.236713886 CET5241953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.373338938 CET53597851.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.374084949 CET53524191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.623784065 CET6454453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.764019966 CET5013953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.901204109 CET53501391.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.903067112 CET6255553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.045159101 CET53625551.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.143058062 CET5628253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.172683001 CET5479353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.282360077 CET53562821.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.283523083 CET5717153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.309854984 CET53547931.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.310832977 CET6431653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.312912941 CET6525653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET53571711.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.448729038 CET53643161.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.453875065 CET53652561.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482456923 CET5133853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482456923 CET6357253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482630968 CET5607153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.619538069 CET53513381.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.619671106 CET53560711.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.620291948 CET5670053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.620332003 CET6058053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET53635721.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.622360945 CET5217953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.757474899 CET53567001.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.758440018 CET53605801.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.760301113 CET53521791.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.770966053 CET5798453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.771042109 CET5621953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.771564960 CET6341753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.802356005 CET6085753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET53579841.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908283949 CET53562191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908390045 CET53634171.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909148932 CET5804253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909148932 CET5445553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909321070 CET5724153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.939830065 CET53608571.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.046262026 CET53544551.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047303915 CET53572411.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047354937 CET53580421.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.052609921 CET6051253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.052966118 CET5117553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.053486109 CET6053353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.190817118 CET53511751.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.193537951 CET53605121.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.193983078 CET5660353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.195007086 CET6505153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.263130903 CET53605331.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.264267921 CET6273353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.332191944 CET53566031.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.332299948 CET53650511.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.333017111 CET5456453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.402817011 CET53627331.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.403619051 CET6084053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.476020098 CET53545641.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.541356087 CET53608401.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.758816957 CET5523453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.759299994 CET6439353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.896707058 CET53552341.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.897013903 CET53643931.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.689623117 CET5913853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.801322937 CET5578453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.938482046 CET53557841.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.942723036 CET6495053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.079969883 CET53649501.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.080801964 CET5223753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.217967987 CET53522371.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.365855932 CET5376853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.415092945 CET6247253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.552948952 CET53624721.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.554486990 CET5837953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.692230940 CET53583791.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.694922924 CET6072353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.794795036 CET53492101.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.835381985 CET53607231.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.209808111 CET5971353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.348545074 CET53597131.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.349443913 CET6100053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.496797085 CET53610001.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:45.902443886 CET53597571.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.170651913 CET5467353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.313011885 CET53546731.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.237361908 CET6046753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.377630949 CET53604671.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485742092 CET5489153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.715584040 CET53548911.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.716473103 CET5289153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.859523058 CET53528911.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310148001 CET5950853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.539604902 CET53595081.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.541259050 CET5614853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.685285091 CET53561481.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.686285973 CET6455453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.761385918 CET53525291.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.826291084 CET53645541.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.373558044 CET5071453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.681104898 CET53507141.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.682902098 CET5839053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.902345896 CET53583901.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.903285980 CET6222653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:10.048124075 CET53622261.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.014527082 CET6332753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.151803017 CET53633271.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.323240042 CET4934153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.467525959 CET53493411.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.982920885 CET138138192.168.2.16192.168.2.255
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:25.767759085 CET53508251.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:27.220761061 CET53511271.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:34.988403082 CET5051853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073558092 CET6467853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.126496077 CET53505181.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.127891064 CET6393953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.210956097 CET53646781.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.266875029 CET53639391.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.315352917 CET5255553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:48.234663010 CET53635841.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:03.204853058 CET5035553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.449709892 CET6159053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.587490082 CET53615901.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.589358091 CET5971753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.727247953 CET53597171.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.821141005 CET6232453192.168.2.161.1.1.1

                                                                                                                                                                                                                                                                                                                                                                      ICMP Packets

                                                                                                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:55.697160006 CET192.168.2.161.1.1.1c23f(Port unreachable)Destination Unreachable

                                                                                                                                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.192483902 CET192.168.2.161.1.1.10xc1f7Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.192867041 CET192.168.2.161.1.1.10x6c46Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.678224087 CET192.168.2.161.1.1.10x6ca5Standard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.817552090 CET192.168.2.161.1.1.10x2c8bStandard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.923192978 CET192.168.2.161.1.1.10xe88bStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.923192978 CET192.168.2.161.1.1.10xa5cfStandard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.236546993 CET192.168.2.161.1.1.10x2668Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.236713886 CET192.168.2.161.1.1.10x33c1Standard query (0)play.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.623784065 CET192.168.2.161.1.1.10x99aStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.764019966 CET192.168.2.161.1.1.10x1d4dStandard query (0)prod.detectportal.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.903067112 CET192.168.2.161.1.1.10xf32cStandard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.143058062 CET192.168.2.161.1.1.10xcc40Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.172683001 CET192.168.2.161.1.1.10x10a7Standard query (0)spocs.getpocket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.283523083 CET192.168.2.161.1.1.10xecb4Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.310832977 CET192.168.2.161.1.1.10xa28eStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.312912941 CET192.168.2.161.1.1.10xfa8fStandard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482456923 CET192.168.2.161.1.1.10xbf61Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482456923 CET192.168.2.161.1.1.10x3a20Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.482630968 CET192.168.2.161.1.1.10x4500Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.620291948 CET192.168.2.161.1.1.10x3f8fStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.620332003 CET192.168.2.161.1.1.10xee81Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.622360945 CET192.168.2.161.1.1.10xba30Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.770966053 CET192.168.2.161.1.1.10x1290Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.771042109 CET192.168.2.161.1.1.10xcff9Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.771564960 CET192.168.2.161.1.1.10xf758Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.802356005 CET192.168.2.161.1.1.10xe895Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909148932 CET192.168.2.161.1.1.10xfb6cStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909148932 CET192.168.2.161.1.1.10xa743Standard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.909321070 CET192.168.2.161.1.1.10x6f30Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.052609921 CET192.168.2.161.1.1.10x3a84Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.052966118 CET192.168.2.161.1.1.10x3ee2Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.053486109 CET192.168.2.161.1.1.10xaec5Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.193983078 CET192.168.2.161.1.1.10x6c18Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.195007086 CET192.168.2.161.1.1.10x4099Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.264267921 CET192.168.2.161.1.1.10xda8dStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.333017111 CET192.168.2.161.1.1.10x8517Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.403619051 CET192.168.2.161.1.1.10x2b14Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.758816957 CET192.168.2.161.1.1.10x82d1Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.759299994 CET192.168.2.161.1.1.10xb758Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.689623117 CET192.168.2.161.1.1.10x2f4Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.801322937 CET192.168.2.161.1.1.10x34c9Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.942723036 CET192.168.2.161.1.1.10x86e3Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.080801964 CET192.168.2.161.1.1.10x1d50Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.365855932 CET192.168.2.161.1.1.10x5dd1Standard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.415092945 CET192.168.2.161.1.1.10x2243Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.554486990 CET192.168.2.161.1.1.10x1736Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.694922924 CET192.168.2.161.1.1.10xc610Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.209808111 CET192.168.2.161.1.1.10x585Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.349443913 CET192.168.2.161.1.1.10xfbf9Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.170651913 CET192.168.2.161.1.1.10xd3c2Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.237361908 CET192.168.2.161.1.1.10xcf48Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.485742092 CET192.168.2.161.1.1.10x29dfStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.716473103 CET192.168.2.161.1.1.10x5a47Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.310148001 CET192.168.2.161.1.1.10x7100Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.541259050 CET192.168.2.161.1.1.10x3027Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.686285973 CET192.168.2.161.1.1.10xfeefStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.373558044 CET192.168.2.161.1.1.10xd55aStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.682902098 CET192.168.2.161.1.1.10x226eStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.903285980 CET192.168.2.161.1.1.10x54d5Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.014527082 CET192.168.2.161.1.1.10x9098Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.323240042 CET192.168.2.161.1.1.10x9572Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:34.988403082 CET192.168.2.161.1.1.10x41f3Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.073558092 CET192.168.2.161.1.1.10x89b0Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.127891064 CET192.168.2.161.1.1.10xcdafStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.315352917 CET192.168.2.161.1.1.10xa04Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:03.204853058 CET192.168.2.161.1.1.10x88fcStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.449709892 CET192.168.2.161.1.1.10x831Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.589358091 CET192.168.2.161.1.1.10xe7cbStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.821141005 CET192.168.2.161.1.1.10xa164Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.333266020 CET1.1.1.1192.168.2.160xc1f7No error (0)www.google.com172.217.19.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:26.333594084 CET1.1.1.1192.168.2.160x6c46No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.674571037 CET1.1.1.1192.168.2.160xde7eNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:32.816152096 CET1.1.1.1192.168.2.160x6ca5No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.062345028 CET1.1.1.1192.168.2.160xe88bNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.062345028 CET1.1.1.1192.168.2.160xe88bNo error (0)plus.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:33.065047979 CET1.1.1.1192.168.2.160xa5cfNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.373338938 CET1.1.1.1192.168.2.160x2668No error (0)play.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.762653112 CET1.1.1.1192.168.2.160x99aNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.762653112 CET1.1.1.1192.168.2.160x99aNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.901204109 CET1.1.1.1192.168.2.160x1d4dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.045159101 CET1.1.1.1192.168.2.160xf32cNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.282360077 CET1.1.1.1192.168.2.160xcc40No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.309854984 CET1.1.1.1192.168.2.160x10a7No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.309854984 CET1.1.1.1192.168.2.160x10a7No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.311681986 CET1.1.1.1192.168.2.160x9d3fNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.311681986 CET1.1.1.1192.168.2.160x9d3fNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.420768023 CET1.1.1.1192.168.2.160xecb4No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.448729038 CET1.1.1.1192.168.2.160xa28eNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.448729038 CET1.1.1.1192.168.2.160xa28eNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.453875065 CET1.1.1.1192.168.2.160xfa8fNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.453875065 CET1.1.1.1192.168.2.160xfa8fNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.619538069 CET1.1.1.1192.168.2.160xbf61No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.619671106 CET1.1.1.1192.168.2.160x4500No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.621824980 CET1.1.1.1192.168.2.160x3a20No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.757474899 CET1.1.1.1192.168.2.160x3f8fNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.758440018 CET1.1.1.1192.168.2.160xee81No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.760301113 CET1.1.1.1192.168.2.160xba30No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.760301113 CET1.1.1.1192.168.2.160xba30No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.760301113 CET1.1.1.1192.168.2.160xba30No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.760301113 CET1.1.1.1192.168.2.160xba30No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET1.1.1.1192.168.2.160x1290No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET1.1.1.1192.168.2.160x1290No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET1.1.1.1192.168.2.160x1290No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET1.1.1.1192.168.2.160x1290No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908257961 CET1.1.1.1192.168.2.160x1290No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908283949 CET1.1.1.1192.168.2.160xcff9No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.908390045 CET1.1.1.1192.168.2.160xf758No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.939830065 CET1.1.1.1192.168.2.160xe895No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.939830065 CET1.1.1.1192.168.2.160xe895No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.939830065 CET1.1.1.1192.168.2.160xe895No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047303915 CET1.1.1.1192.168.2.160x6f30No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047303915 CET1.1.1.1192.168.2.160x6f30No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047303915 CET1.1.1.1192.168.2.160x6f30No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047303915 CET1.1.1.1192.168.2.160x6f30No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.047354937 CET1.1.1.1192.168.2.160xfb6cNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.190817118 CET1.1.1.1192.168.2.160x3ee2No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.332299948 CET1.1.1.1192.168.2.160x4099No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.402817011 CET1.1.1.1192.168.2.160xda8dNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.541356087 CET1.1.1.1192.168.2.160x2b14No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.896707058 CET1.1.1.1192.168.2.160x82d1No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.897013903 CET1.1.1.1192.168.2.160xb758No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:36.897013903 CET1.1.1.1192.168.2.160xb758No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.828429937 CET1.1.1.1192.168.2.160x2f4No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.828429937 CET1.1.1.1192.168.2.160x2f4No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.938482046 CET1.1.1.1192.168.2.160x34c9No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.938482046 CET1.1.1.1192.168.2.160x34c9No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:38.079969883 CET1.1.1.1192.168.2.160x86e3No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.510565996 CET1.1.1.1192.168.2.160x5dd1No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.552948952 CET1.1.1.1192.168.2.160x2243No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.692230940 CET1.1.1.1192.168.2.160x1736No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.730617046 CET1.1.1.1192.168.2.160xc100No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.820580959 CET1.1.1.1192.168.2.160xea0aNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.820580959 CET1.1.1.1192.168.2.160xea0aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.348545074 CET1.1.1.1192.168.2.160x585No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.312999010 CET1.1.1.1192.168.2.160x563No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.484389067 CET1.1.1.1192.168.2.160xb038No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.484389067 CET1.1.1.1192.168.2.160xb038No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:03.715584040 CET1.1.1.1192.168.2.160x29dfNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.539604902 CET1.1.1.1192.168.2.160x7100No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.539604902 CET1.1.1.1192.168.2.160x7100No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.539604902 CET1.1.1.1192.168.2.160x7100No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.539604902 CET1.1.1.1192.168.2.160x7100No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.685285091 CET1.1.1.1192.168.2.160x3027No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.685285091 CET1.1.1.1192.168.2.160x3027No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.685285091 CET1.1.1.1192.168.2.160x3027No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.685285091 CET1.1.1.1192.168.2.160x3027No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.826291084 CET1.1.1.1192.168.2.160xfeefNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.826291084 CET1.1.1.1192.168.2.160xfeefNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.826291084 CET1.1.1.1192.168.2.160xfeefNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:04.826291084 CET1.1.1.1192.168.2.160xfeefNo error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.681104898 CET1.1.1.1192.168.2.160xd55aNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.681104898 CET1.1.1.1192.168.2.160xd55aNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.902345896 CET1.1.1.1192.168.2.160x226eNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.132348061 CET1.1.1.1192.168.2.160xda2No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.132348061 CET1.1.1.1192.168.2.160xda2No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.071953058 CET1.1.1.1192.168.2.160x7e43No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:35.126496077 CET1.1.1.1192.168.2.160x41f3No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.455663919 CET1.1.1.1192.168.2.160xa04No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.455663919 CET1.1.1.1192.168.2.160xa04No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:03.343866110 CET1.1.1.1192.168.2.160x88fcNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:03.343866110 CET1.1.1.1192.168.2.160x88fcNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:19.587490082 CET1.1.1.1192.168.2.160x831No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.958484888 CET1.1.1.1192.168.2.160xa164No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.958484888 CET1.1.1.1192.168.2.160xa164No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                                                                                                      • www.google.com
                                                                                                                                                                                                                                                                                                                                                                      • apis.google.com
                                                                                                                                                                                                                                                                                                                                                                      • play.google.com
                                                                                                                                                                                                                                                                                                                                                                      • detectportal.firefox.com

                                                                                                                                                                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      0192.168.2.164974034.107.221.82807724C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:34.883606911 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:35.974760056 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38170
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      1192.168.2.164974734.107.221.82807724C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.962013960 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.048938036 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37968
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.262762070 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.577868938 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37969
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.611788988 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.926814079 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37969
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.432154894 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:49.747154951 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37979
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.487663984 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:51.802453041 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37981
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.637917042 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:54.965188026 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37984
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.360950947 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.676991940 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37990
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.684199095 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:01.000041008 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 37990
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.012749910 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.013659000 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.327630997 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38001
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:14.967340946 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.282242060 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38005
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.722011089 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:16.037359953 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38005
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.749706030 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:18.064946890 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38007
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.072902918 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.565397024 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.880162001 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38018
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.635524035 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.952795029 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38026
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.861973047 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:38.178934097 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38028
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:48.190649033 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:58.316638947 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.535208941 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.667149067 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.143816948 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.459278107 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:12:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 38071
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      2192.168.2.164974834.107.221.82807724C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:37.962120056 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.047972918 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38173
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.294331074 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:39.608711004 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38174
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.230607986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:40.544800997 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38175
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.168126106 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:50.489556074 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38185
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.551604986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:53.867970943 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38188
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.233937979 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:45:57.549257994 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38192
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.365706921 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:00.681124926 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38195
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.333102942 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:09.647797108 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38204
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.015825987 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:11.330169916 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38206
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.165966988 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:15.482081890 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38210
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.432063103 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:17.746579885 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38212
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:27.758009911 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.245811939 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:28.562082052 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38223
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.315232992 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:36.632707119 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38231
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.544902086 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:37.859420061 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38232
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:47.861592054 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:46:57.985702038 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:08.114799976 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:18.240598917 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:20.821893930 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 17, 2024 21:47:21.136693954 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Age: 38275
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      0192.168.2.1649723172.217.19.2284436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC627OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 20:45:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-hhPJ9g3UDBxt5ulAFApnCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC124INData Raw: 35 36 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 79 74 20 6d 69 6e 69 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 73 22 2c 22 76 61 6e 75 61 74 75 20 65 61 72 74 68 71 75 61 6b 65 73 22 2c 22 77 65 6c 6c 73 20 66 61 72 67 6f 20 32 30 32 34 20 73 65 74 74 6c 65 6d 65 6e 74 20 64 65 74 61 69 6c 73 22 2c 22 66 61 6e 74 61 73 79 20 66 6f 6f 74 62 61 6c 6c 20 72 61 6e 6b
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 56b)]}'["",["nyt mini crossword clues","vanuatu earthquakes","wells fargo 2024 settlement details","fantasy football rank
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1270INData Raw: 69 6e 67 73 20 77 65 65 6b 20 31 36 22 2c 22 6e 79 74 20 73 74 72 61 6e 64 73 20 68 69 6e 74 73 20 64 65 63 65 6d 62 65 72 20 31 37 22 2c 22 74 6f 72 6e 61 64 6f 20 77 61 72 6e 69 6e 67 20 63 61 6c 69 66 6f 72 6e 69 61 20 73 63 6f 74 74 73 20 76 61 6c 6c 65 79 22 2c 22 72 6f 63 6b 65 74 20 6c 61 75 6e 63 68 20 73 70 61 63 65 78 20 66 61 6c 63 6f 6e 20 39 22 2c 22 74 65 78 61 73 20 61 5c 75 30 30 32 36 6d 20 66 6f 6f 74 62 61 6c 6c 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ings week 16","nyt strands hints december 17","tornado warning userfornia scotts valley","rocket launch spacex falcon 9","texas a\u0026m football"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEw
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC91INData Raw: 35 35 0d 0a 71 56 47 34 31 4e 44 59 77 4c 31 68 6a 64 45 35 6c 63 30 4e 4b 4e 7a 41 33 61 6d 64 48 55 6a 4a 58 57 48 52 52 5a 6e 42 6f 53 30 6c 7a 5a 6c 5a 43 54 30 4a 33 54 6b 46 52 62 56 6c 34 54 55 49 32 64 30 52 50 62 58 42 42 64 45 78 6c 51 6e 70 4e 5a 33 4d 33 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 55qVG41NDYwL1hjdE5lc0NKNzA3amdHUjJXWHRRZnBoS0lzZlZCT0J3TkFRbVl4TUI2d0RPbXBBdExlQnpNZ3M3
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1281INData Raw: 34 66 61 0d 0a 59 56 59 77 4f 47 39 69 63 48 64 48 57 54 56 79 4e 6a 56 58 4f 57 70 6b 57 43 74 45 62 30 4e 34 52 55 74 48 56 48 56 33 4e 6d 46 6a 62 30 6c 6e 51 57 78 57 59 7a 64 33 51 33 63 78 54 30 31 69 4d 48 6f 30 5a 7a 45 7a 5a 45 5a 44 63 30 35 4d 59 6d 55 34 51 54 5a 4e 56 6d 4d 77 63 55 46 45 63 55 52 6e 4f 46 64 31 61 47 55 30 4b 32 74 4e 5a 30 6c 51 64 6d 4e 75 5a 57 68 74 53 6a 56 55 4d 46 46 4b 51 57 77 72 62 33 68 42 55 69 39 44 55 6b 52 33 54 6c 56 43 52 6b 56 71 4d 56 41 30 61 30 70 4c 4d 30 46 42 52 47 31 70 4e 6b 78 5a 51 30 68 71 51 6b 52 44 51 58 4e 59 5a 6d 68 4a 5a 55 64 76 51 6e 64 77 64 56 70 73 56 6b 70 44 54 6c 70 48 64 6d 4e 43 62 31 46 31 64 31 52 78 5a 32 30 77 52 44 4e 74 55 6a 63 33 54 58 5a 57 52 45 31 43 62 57 74 4c 62 57
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 4faYVYwOG9icHdHWTVyNjVXOWpkWCtEb0N4RUtHVHV3NmFjb0lnQWxWYzd3Q3cxT01iMHo0ZzEzZEZDc05MYmU4QTZNVmMwcUFEcURnOFd1aGU0K2tNZ0lQdmNuZWhtSjVUMFFKQWwrb3hBUi9DUkR3TlVCRkVqMVA0a0pLM0FBRG1pNkxZQ0hqQkRDQXNYZmhJZUdvQndwdVpsVkpDTlpHdmNCb1F1d1RxZ20wRDNtUjc3TXZWRE1CbWtLbW
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      1192.168.2.1649724172.217.19.2284436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC530OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 20:45:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC372INData Raw: 32 38 32 39 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 2829)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 34 31 2c 33 37 30 31 33 38 34 2c 31 30 31 34 31 39 31 37 31 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700341,3701384,101419171,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: st c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{construct
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC1390INData Raw: 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 57 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: turn a.i;throw Error(\"F\");};_.Xd\u003dfunction(a){if(Wd.test(a))return a};_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u0
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC187INData Raw: 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 003d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC325INData Raw: 31 33 65 0d 0a 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6a 65 5b 64 5d 2c 63 29 3a 5f 2e 65 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 65 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 13eyb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je.hasOwnProperty(d)?a.setAttribute(je[d],c):_.ee(d,\"aria-\")||_.ee(d,\"data-\")?a.setAttribute(d,c):a[d


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      2192.168.2.1649727172.217.19.2284436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:28 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:29 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 20:45:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:29 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      3192.168.2.1649738142.250.181.784436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:34 UTC729OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: apis.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC916INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 117446
                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      Date: Wed, 11 Dec 2024 22:22:46 GMT
                                                                                                                                                                                                                                                                                                                                                                      Expires: Thu, 11 Dec 2025 22:22:46 GMT
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Age: 512569
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC474INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: alue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: function(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 7b 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: {for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;thi
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototy
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: done)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regul
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: _hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw E
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 74 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: this[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.protot
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ction(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.n
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:35 UTC1390INData Raw: 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ray.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("S


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      4192.168.2.1649739172.217.19.2064436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:36 UTC722OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: play.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 905
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:36 UTC905OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 34 34 36 38 33 33 32 31 34 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734468332142",null,null,null,
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:36 UTC942INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: NID=520=VYnkcY8b8ANUwXpKWT8GNyu8hQo9oTeT9gNuQV-YrJYFTU8BpCVNw0khi9NVXPP3UgTWLWeTQEOo88eNOJArYt6djM8zgt7cMSBJSK5AftObTM6Gi4rkGG-C9nxqGZxMwMd0itBPi5VX4WNuIsRssBsGR0z3IrnK-tsSzb3ENmRhVgPcVqGAzERf; expires=Wed, 18-Jun-2025 20:45:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 20:45:36 GMT
                                                                                                                                                                                                                                                                                                                                                                      Server: Playlog
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Expires: Tue, 17 Dec 2024 20:45:36 GMT
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:36 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      5192.168.2.1649751172.217.19.2064436908C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:40 UTC924OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: play.google.com
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 911
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                      Cookie: NID=520=VYnkcY8b8ANUwXpKWT8GNyu8hQo9oTeT9gNuQV-YrJYFTU8BpCVNw0khi9NVXPP3UgTWLWeTQEOo88eNOJArYt6djM8zgt7cMSBJSK5AftObTM6Gi4rkGG-C9nxqGZxMwMd0itBPi5VX4WNuIsRssBsGR0z3IrnK-tsSzb3ENmRhVgPcVqGAzERf
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:40 UTC911OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 34 34 36 38 33 33 37 32 39 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734468337297",null,null,null,
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:41 UTC950INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: NID=520=U11-sMLWFLs9UN-DL6zs_U4OvVZ6EjDlZbPk39Lyza2FEZL0xBx_DQ3X0rdXa6sedET_iHU66DSAME8hSouYKCSW2IYHZA_QOOwSLbnA2oy7QIZ6IF7xcyenSXu52LUuApeNcyDoI3r-aoEeMmoKQuw-kiyBkSseabi0iK-TXNGL1Nwobd3DWilPRzyme2OU; expires=Wed, 18-Jun-2025 20:45:41 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 20:45:41 GMT
                                                                                                                                                                                                                                                                                                                                                                      Server: Playlog
                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                      Expires: Tue, 17 Dec 2024 20:45:41 GMT
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:41 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                                                                                                                                                                                                                                                      2024-12-17 20:45:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:17
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\tightvnc-2.8.59-gpl-setup-64bit.msi"
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff71b480000
                                                                                                                                                                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:18
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff71b480000
                                                                                                                                                                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:18
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 366735EB6927792E73E79CEA3C194138 C
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x1b0000
                                                                                                                                                                                                                                                                                                                                                                      File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff62c440000
                                                                                                                                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7648e0000
                                                                                                                                                                                                                                                                                                                                                                      File size:329'504 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff62c440000
                                                                                                                                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff62c440000
                                                                                                                                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff62c440000
                                                                                                                                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:24
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7f9810000
                                                                                                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:24
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1988,i,15112898768309574499,3534838998919070353,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7f9810000
                                                                                                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:29
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:30
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:30
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {121b51e2-b642-4d24-96e3-95a44349d53c} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a52d6cb10 socket
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:32
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -parentBuildID 20230927232528 -prefsHandle 3964 -prefMapHandle 1548 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ceec4-37c6-4598-bafb-3680f8389ea6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a64bfbe10 rdd
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:38
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3208 -prefMapHandle 5028 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e912c0c-cb3e-43ad-ac0d-129e9b99bfa6} 7724 "\\.\pipe\gecko-crash-server-pipe.7724" 22a71e73710 utility
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:54
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\MsiExec.exe -Embedding 839A6BED3B535DDC9F926706BED3D358
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff71b480000
                                                                                                                                                                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:55
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 55CD39A3B1CA3F8107A53A082A367601
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x1b0000
                                                                                                                                                                                                                                                                                                                                                                      File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:55
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 270EB102D49F2F6F5E31328FD1305FFD E Global\MSI0000
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x1b0000
                                                                                                                                                                                                                                                                                                                                                                      File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:56
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\MsiExec.exe -Embedding ABF620296975EB739497FE4C6133E2DA E Global\MSI0000
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff71b480000
                                                                                                                                                                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:56
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\TightVNC\tvnserver.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\TightVNC\tvnserver.exe" -reinstall -silent
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff701fc0000
                                                                                                                                                                                                                                                                                                                                                                      File size:1'803'440 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:58
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\TightVNC\tvnserver.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\TightVNC\tvnserver.exe" -start
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff701fc0000
                                                                                                                                                                                                                                                                                                                                                                      File size:1'803'440 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:24
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:58
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\TightVNC\tvnserver.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\TightVNC\tvnserver.exe" -service
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff701fc0000
                                                                                                                                                                                                                                                                                                                                                                      File size:1'803'440 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:25
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:59
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\TightVNC\tvnserver.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff701fc0000
                                                                                                                                                                                                                                                                                                                                                                      File size:1'803'440 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:26
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:45:59
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\TightVNC\tvnserver.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\TightVNC\tvnserver.exe" -checkservicepasswords
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff701fc0000
                                                                                                                                                                                                                                                                                                                                                                      File size:1'803'440 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:5D478F94283CD69F4393D8DA703BD442
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:46:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6fed30000
                                                                                                                                                                                                                                                                                                                                                                      File size:468'120 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                                                                                                                                                                      Start time:15:46:20
                                                                                                                                                                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                                                                                        Execution Coverage:0.4%
                                                                                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                        Signature Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                        Total number of Nodes:6
                                                                                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                                                                                        execution_graph 5008 1c378a53d37 5009 1c378a53d47 NtQuerySystemInformation 5008->5009 5010 1c378a53ce4 5009->5010 5011 1c378a725f2 5012 1c378a72649 NtQuerySystemInformation 5011->5012 5013 1c378a709c4 5011->5013 5012->5013

                                                                                                                                                                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                                                                                        Function 000001C378A725F2 Relevance: 26.1, APIs: 1, Strings: 10, Instructions: 6826nativeCOMMON
                                                                                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 0000000F.00000002.2536507890.000001C378A70000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001C378A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_1c378a70000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3562636166-3072146587
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2e35963dc61dc375d0b0c83ad209ecf58bccad159e8d52fe5a613ec863b210df
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CA3D431618B498BEB6DDF18DC856E973E5FB98300F14422ED94BD7255DE34EA028BC2
                                                                                                                                                                                                                                                                                                                                                                        Function 000001C378A53D37 Relevance: 8.4, APIs: 1, Instructions: 6852nativeCOMMON
                                                                                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 0000000F.00000002.2535716258.000001C378A51000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001C378A51000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_1c378a51000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1d60ca661a0600f165c4958b461de0f3cd7edf208003b5791fe27b99f1cac43a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5A3E771654B488BEB6DDF28DC857E973E5FB55300F14822ED94BD3251DF30EA828A82
                                                                                                                                                                                                                                                                                                                                                                        Function 000001C378A72632 Relevance: 4.6, Strings: 3, Instructions: 887COMMON
                                                                                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 0000000F.00000002.2536507890.000001C378A70000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001C378A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_1c378a70000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #$4$z
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-222932584
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3f12bc94a441b99678d1f37fd838eb33403ab1c1100704a4327215b314ffab7c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 46b51236754dc011f03b80533a98f7893e568db98652dfb1ff2932d0208a8373
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f12bc94a441b99678d1f37fd838eb33403ab1c1100704a4327215b314ffab7c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42529D31614F4D8BEB6AEF28DC85AE973E4FB54301F44422ED84AC2255DF34EA458BC1

                                                                                                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                                                                                                        Function 000001C378A72D1C Relevance: .4, Instructions: 417COMMON
                                                                                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 0000000F.00000002.2536507890.000001C378A70000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001C378A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_15_2_1c378a70000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2fa4645b680d34bee22a3500d205d04f87224c646c510b3238a6d81739ab6236
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ab2a90b075efec4a2be9df8a9d74d36971306561fecfa16bb8e0ff4632f442c2
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fa4645b680d34bee22a3500d205d04f87224c646c510b3238a6d81739ab6236
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96B1E331B5C2900B871CC92D486707AF7D7E7CA60AB24E23EE9C7D7289DD3485539AC6