Windows Analysis Report
do.ps1

Overview

General Information

Sample name: do.ps1
Analysis ID: 1577326
MD5: 7ba537d48ce1c8a2bff3fb660bbdc665
SHA1: 53a23738f65ccdcb29a7ed42a90060caf860e5c3
SHA256: dc2811fd6fc3f139fc9d1419913fd5598ed3c1f0ec94f0754edfabb10d171593
Tags: 18521511316185215113209bulletproofps1user-abus3reports
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • powershell.exe (PID: 2728 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 5724 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6036 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5756 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4232 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b7867fa-94d4-4a64-a53d-5a509b36e200} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a6d110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7472 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -parentBuildID 20230927232528 -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26099 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7385eb-5e95-4c83-80c2-8aa8c723d91c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a88110 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7676 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5356 -prefMapHandle 5364 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {766fdaca-8b5d-4736-82b6-44cb10509d0c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172e2826f10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • svchost.exe (PID: 3776 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", ProcessId: 2728, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1", ProcessId: 2728, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3776, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: do.ps1, ReversingLabs: Detection: 15%
Source: do.ps1, Virustotal: Detection: 27%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.2% probability
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: firefox.exe, Memory has grown: Private usage: 1MB later: 259MB
Source: unknown, Network traffic detected: DNS query count 31
Source: Joe Sandbox ViewIP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox ViewIP Address: 34.160.144.191 34.160.144.191
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2326378591.00000172DAAD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2333627375.00000172DACF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2348059875.00000172E6E19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2371769207.00000172D923A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2372950841.00000172D9242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2331787069.00000172E611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E6175000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2331787069.00000172E611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E6175000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2395506265.00000172E32CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2331787069.00000172E611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E6175000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2331787069.00000172E611F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E6175000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000009.00000002.3393523616.0000017A5830A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000009.00000002.3393523616.0000017A5830A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000009.00000002.3393523616.0000017A5830A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2371769207.00000172D923A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2372950841.00000172D9242000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2357286601.00000172E82B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337496535.00000172E82B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2357286601.00000172E82B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337496535.00000172E82B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2409178550.00000172E32BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2417153575.00000172DC0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000006.00000002.3401061773.0000027725C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000005.00000003.2331787069.00000172E61EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2390526152.00000172E62DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2399009560.00000172DD192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000005.00000003.2392295901.00000172E61F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000005.00000003.2398621059.00000172DD2C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2410020606.00000172E3236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000005.00000003.2400062525.00000172DD113000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2389489852.00000172E6485000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E618B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000005.00000003.2410238131.00000172E286A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000005.00000003.2410238131.00000172E286A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.6.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: firefox.exe, 0000000B.00000002.3394304592.0000015E47A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000005.00000003.2396385681.00000172E28CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2204670250.00000172E28B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3393523616.0000017A583C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000005.00000003.2396385681.00000172E28CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2204670250.00000172E28B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3393523616.0000017A583C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: powershell.exe, 00000000.00000002.2159344943.00000202DD142000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2192380794.00000202F4F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: firefox.exe, 00000005.00000003.2212805008.00000172E3CD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2302772565.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2361104889.00000172E3CD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223446039.00000172E3CD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2304931840.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283414165.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000005.00000003.2212805008.00000172E3CD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2302772565.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2361104889.00000172E3CD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2223446039.00000172E3CD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2304931840.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2283414165.00000172E3CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000005.00000003.2176672611.00000172D9700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2177743135.00000172D9929000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2177166504.00000172D9907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000005.00000003.2396846763.00000172DD95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2215867644.00000172E3D89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412083513.00000172DD95E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000005.00000003.2396846763.00000172DD95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2215867644.00000172E3D89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412083513.00000172DD95E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000005.00000003.2396846763.00000172DD95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2215867644.00000172E3D89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412083513.00000172DD95E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000005.00000003.2352371115.00000172E6CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2339579817.00000172E6CD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337419786.00000172E6CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2384400761.00000172E8E87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2336040735.00000172E605A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2356522454.00000172E8E87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2375071792.00000172D9D65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2371948725.00000172D91F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000005.00000003.2331343836.00000172E683C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2389134175.00000172E6843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: prefs-1.js.5.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000005.00000003.2393299715.00000172E61D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000005.00000003.2410238131.00000172E284C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2205119248.00000172E284E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3393523616.0000017A583C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47AF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/6a01ecb6-d27b-4011-b3d3-a86ac
Source: firefox.exe, 00000005.00000003.2417969575.00000172DB3F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/6418df17-46ac-4f31-9b04-3d69
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000005.00000003.2398523329.00000172DD2EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000005.00000003.2221243617.00000172DD979000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000005.00000003.2205326663.00000172DBB68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2396846763.00000172DD9F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411243072.00000172DD9F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000005.00000003.2218657082.00000172DD9F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebX
Source: firefox.exe, 00000005.00000003.2205326663.00000172DBBBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221832217.00000172DBBBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000005.00000003.2205326663.00000172DBBBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2221832217.00000172DBBBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000005.00000003.2385355226.00000172E8E3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2348059875.00000172E6E19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2375071792.00000172D9D65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2371948725.00000172D91F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2357011958.00000172E8E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000B.00000002.3394304592.0000015E47A8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000007.00000002.3394967565.0000027A37C72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestabout
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2282955847.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: powershell.exe, 00000000.00000002.2188957382.00000202ED0C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2188957382.00000202ECF8E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2159344943.00000202DE896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: powershell.exe, 00000000.00000002.2159344943.00000202DE542000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000000.00000002.2159344943.00000202DE542000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000005.00000003.2282955847.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000005.00000003.2282955847.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000005.00000003.2393388234.00000172E61C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E61B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.2177166504.00000172D9907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000005.00000003.2324738649.00000172E650D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000005.00000003.2388532477.00000172E68BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331343836.00000172E68BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000005.00000003.2393388234.00000172E618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2331787069.00000172E618B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2398621059.00000172DD2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000B.00000002.3392030230.0000015E47880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pw
Source: firefox.exe, 00000005.00000003.2406053376.00000172DC2AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2321729145.00000172E6FE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2282955847.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2317674069.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2279939066.00000172E6FE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3393811853.0000027A379EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3393811853.0000027A379E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3398924594.0000027A37D04000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3391904993.0000017A58180000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3391295008.0000017A58134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3391127875.0000015E4770A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3391127875.0000015E47700000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3392030230.0000015E47884000.00000004.00000020.00020000.00000000.sdmp, do.ps1String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000004.00000002.2166169575.000002730DC5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--attempting-deeleva
Source: firefox.exe, 00000007.00000002.3393811853.0000027A379E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3398924594.0000027A37D04000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3391904993.0000017A58180000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3391295008.0000017A58134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3391127875.0000015E47700000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3392030230.0000015E47884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_ST
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D43DB7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D64DF2 NtQuerySystemInformation
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFD34893C4D
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D43DB7
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D64DF2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D64E32
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D6551C
Source: classification engine Classification label: mal52.winPS1@21/44@65/12
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3osnwqaz.t5o.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: firefox.exe, 00000005.00000003.2393903671.00000172E614E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400062525.00000172DD113000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: do.ps1 ReversingLabs: Detection: 15%
Source: do.ps1 Virustotal: Detection: 27%
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b7867fa-94d4-4a64-a53d-5a509b36e200} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a6d110 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -parentBuildID 20230927232528 -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26099 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7385eb-5e95-4c83-80c2-8aa8c723d91c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a88110 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5356 -prefMapHandle 5364 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {766fdaca-8b5d-4736-82b6-44cb10509d0c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172e2826f10 utility
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: UxTheme.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rsaenh.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdbP4B{ source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ktmw32.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WscApi.pdb source: firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD0DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD0DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcrt.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC561000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8WinTypes.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC561000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC578000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xul.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mozglue.pdb source: firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dcomp.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winnsi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8dhcpcsvc6.pdb source: firefox.exe, 00000005.00000003.2416943580.00000172DC1AE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8softokn3.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2413422187.00000172DD035000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: urlmon.pdb source: firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8twinapi.appcore.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2414981021.00000172DC5F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC5E6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8CoreMessaging.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC561000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404440180.00000172DC531000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000005.00000003.2412637309.00000172DD5EB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dwmapi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: firefox.exe, 00000005.00000003.2405151463.00000172DC4C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: srvcli.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: freebl3.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb` source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 00000005.00000003.2416943580.00000172DC1AE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 00000005.00000003.2417787393.00000172DBAF8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdbP4B{ source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8osclientcerts.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2413422187.00000172DD035000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 00000005.00000003.2404618602.00000172DC506000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbPC source: firefox.exe, 00000005.00000003.2413422187.00000172DD0E6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 00000005.00000003.2405831859.00000172DC2DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000005.00000003.2402184984.00000172DCFA6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbp source: firefox.exe, 00000005.00000003.2399639792.00000172DD148000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: DWrite.pdb source: firefox.exe, 00000005.00000003.2401606059.00000172DCFCB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iertutil.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 00000005.00000003.2416240527.00000172DC290000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2406141179.00000172DC290000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2402347569.00000172DCF94000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8powrprof.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2413422187.00000172DD035000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8TextInputFramework.pdb source: firefox.exe, 00000005.00000003.2405330088.00000172DC4B6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD0E6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000005.00000003.2399639792.00000172DD148000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8InputHost.pdb source: firefox.exe, 00000005.00000003.2414981021.00000172DC5F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC5E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2415404477.00000172DC5E6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000005.00000003.2398875082.00000172DD295000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC5E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2415243170.00000172DC5EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8audioses.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2413422187.00000172DD035000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netutils.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 00000005.00000003.2405330088.00000172DC4B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2405831859.00000172DC2DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8taskschd.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdbX source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb=G source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dnsapi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdbp,C{ source: firefox.exe, 00000005.00000003.2401606059.00000172DCFCB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb0 source: firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d3d11.pdb source: firefox.exe, 00000005.00000003.2398949981.00000172DD253000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb source: firefox.exe, 00000005.00000003.2401606059.00000172DCFCB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: profapi.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 00000005.00000003.2398621059.00000172DD29C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC5E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2415243170.00000172DC5EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC561000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8setupapi.pdb source: firefox.exe, 00000005.00000003.2405831859.00000172DC2DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2406053376.00000172DC2AE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: propsys.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2402184984.00000172DCFA6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdb`rV{ source: firefox.exe, 00000005.00000003.2398621059.00000172DD2B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.5.dr
Source: Binary string: winrnr.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 00000005.00000003.2402184984.00000172DCFA6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD0CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdbtopsites,topstories,highlights source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8DataExchange.pdb source: firefox.exe, 00000005.00000003.2400264014.00000172DD00B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.5.dr
Source: Binary string: psapi.pdb source: firefox.exe, 00000005.00000003.2401606059.00000172DCFCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2402184984.00000172DCFA6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb` source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 00000005.00000003.2403366583.00000172DC5BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2415404477.00000172DC5BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2415404477.00000172DC5CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC5CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdbpref_suggest_nonsponsored source: firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dxgi.pdb source: firefox.exe, 00000005.00000003.2413225710.00000172DD22F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8linkinfo.pdb source: firefox.exe, 00000005.00000003.2413422187.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2400264014.00000172DD03B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdbP4B{ source: firefox.exe, 00000005.00000003.2415404477.00000172DC5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403366583.00000172DC591000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 00000005.00000003.2402929221.00000172DCF58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2402347569.00000172DCF94000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: firefox.exe, 00000005.00000003.2404666525.00000172DC4FA000.00000004.00000800.00020000.00000000.sdmp
Source: gmpopenh264.dll.tmp.5.dr Static PE information: section name: .rodata
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFD348945D3 pushad ; iretd 0_2_00007FFD348945ED
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D43DB7 rdtsc 9_2_0000017A58D43DB7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3435
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2888
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5936 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4876 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1396 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: firefox.exe, 0000000B.00000002.3391127875.0000015E4770A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0I
Source: firefox.exe, 00000007.00000002.3400365949.0000027A38240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: firefox.exe, 00000007.00000002.3393811853.0000027A379EA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp*
Source: firefox.exe, 0000000B.00000002.3398621769.0000015E47B00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWQ
Source: svchost.exe, 00000006.00000002.3401360380.0000027725C5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3400365949.0000027A38240000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3393811853.0000027A379EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3391904993.0000017A5818A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3398496641.0000017A58870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000007.00000002.3399520589.0000027A37E1A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: svchost.exe, 00000006.00000002.3395661595.000002772062B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000007.00000002.3400365949.0000027A38240000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3393811853.0000027A379EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3398496641.0000017A58870000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 9_2_0000017A58D43DB7 rdtsc 9_2_0000017A58D43DB7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 11 Masquerading; 31 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 21 Security Software Discovery; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 21 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 12 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
[Behavior graph, image not reproduced. Behavior Graph ID: 1577326; Sample: do.ps1; Startdate: 18/12/2024; Architecture: WINDOWS; Score: 52]

Source | Detection | Scanner | Label | Link
do.ps1 | 16% | ReversingLabs | Text.Trojan.Generic |
do.ps1 | 28% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                https://github.com/mozilla-services/screenshotsfirefox.exe, 00000005.00000003.2176672611.00000172D9700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2177743135.00000172D9929000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2177166504.00000172D9907000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 00000005.00000003.2230444167.00000172E6089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.2159344943.00000202DCF11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://youtube.com/firefox.exe, 00000005.00000003.2411524758.00000172DD97F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2411758938.00000172DD96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2395227625.00000172E3D47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2396846763.00000172DD965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2408829879.00000172E3D47000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://content-signature-2.cdn.mozilla.net/firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 00000005.00000003.2337496535.00000172E82B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.2159344943.00000202DD142000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2192380794.00000202F4F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.instagram.com/firefox.exe, 00000005.00000003.2282955847.00000172E6FE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.2159344943.00000202DD142000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2192380794.00000202F4F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://api.accounts.firefox.com/v1firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.5.drfalse
                                                                                                                                              high
                                                                                                                                              https://www.amazon.com/firefox.exe, 00000005.00000003.2331660872.00000172E64F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2firefox.exe, 00000005.00000003.2331787069.00000172E61B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://contoso.com/Iconpowershell.exe, 00000000.00000002.2159344943.00000202DE896000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000005.00000003.2410238131.00000172E286A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://crl.ver)svchost.exe, 00000006.00000002.3401061773.0000027725C00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.youtube.com/firefox.exe, 00000005.00000003.2331787069.00000172E6175000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3393523616.0000017A5830A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.2159344943.00000202DD142000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2192380794.00000202F4F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.bbc.co.uk/firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000005.00000003.2357286601.00000172E82B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337496535.00000172E82B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000005.00000003.2396385681.00000172E28CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2204670250.00000172E28B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3393523616.0000017A583C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://127.0.0.1:firefox.exe, 00000005.00000003.2417153575.00000172DC0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 00000005.00000003.2339579817.00000172E6CD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000005.00000003.2324738649.00000172E650D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://bugzilla.mofirefox.exe, 00000005.00000003.2391112843.00000172E627D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000005.00000003.2395506265.00000172E32F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.5.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://shavar.services.mozilla.com/firefox.exe, 00000005.00000003.2398621059.00000172DD2C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000005.00000003.2410238131.00000172E286A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://spocs.getpocket.com/firefox.exe, 00000009.00000002.3393523616.0000017A5835F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3394304592.0000015E47A13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.iqiyi.com/firefox.exe, 00000005.00000003.2399639792.00000172DD172000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000007.00000002.3394396223.0000027A37A20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3398880481.0000017A58970000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.3398756288.0000015E47C00000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 00000007.00000002.3394967565.0000027A37C72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000005.00000003.2396846763.00000172DD95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2215867644.00000172E3D89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2412083513.00000172DD95E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577326
Start date and time: 2024-12-18 11:50:45 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: do.ps1
Detection: MAL
Classification: mal52.winPS1@21/44@65/12
EGA Information:
• Successful, ratio: 25%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 4
• Number of non-executed functions: 1
Cookbook Comments:
• Found application associated with file extension: .ps1
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 44.228.225.150, 52.40.120.141, 44.240.87.158, 172.217.17.46, 88.221.134.155, 88.221.134.209, 142.250.181.106, 142.250.181.138, 20.190.177.149, 13.107.246.63, 172.202.163.200
• Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, location.services.mozilla.com
• Execution Graph export aborted for target powershell.exe, PID 2728 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
Time | Type | Description
05:51:38 | API Interceptor | 5x Sleep call for process: powershell.exe modified
05:51:40 | API Interceptor | 2x Sleep call for process: svchost.exe modified
05:51:57 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.117.188.166 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
34.117.188.166 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.117.188.166 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.117.188.166 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.117.188.166 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.117.188.166 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
151.101.1.91 | P0HV8mjHS1.exe | malicious | Credential Flusher
151.101.1.91 | mdPov8VTwi.exe | malicious | Credential Flusher
151.101.1.91 | nmy4mJXEaz.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.149.100.209 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.149.100.209 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.149.100.209 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.149.100.209 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.149.100.209 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.149.100.209 | P0HV8mjHS1.exe | malicious | Credential Flusher
34.149.100.209 | P0HV8mjHS1.exe | malicious | Credential Flusher
34.160.144.191 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.160.144.191 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
34.160.144.191 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.160.144.191 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.160.144.191 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.160.144.191 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.160.144.191 | fNlxQP0jBz.exe | malicious | Credential Flusher
34.160.144.191 | LbgqLv7gT7.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                            • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                                            tightvnc-2.8.59-gpl-setup-64bit.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                            https://bu.marcel-andree.de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                                            174 Power Global_Enrollment_.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 34.117.42.160
                                                                                                                                                                                                                                                                                                                                                            174 Power Global_Enrollment_.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 34.117.42.160
                                                                                                                                                                                                                                                                                                                                                            https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                                            ATGS-MMD-ASUShttps://www.ispringsolutions.com/ispring-suiteGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.250.67.239
                                                                                                                                                                                                                                                                                                                                                            YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 57.144.132.1
                                                                                                                                                                                                                                                                                                                                                            twjMb9cX64.exeGet hashmaliciousSliverBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.44.82.197
                                                                                                                                                                                                                                                                                                                                                            WOlxr4yjgF.exeGet hashmaliciousSliverBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.44.82.197
                                                                                                                                                                                                                                                                                                                                                            x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 32.225.225.156
                                                                                                                                                                                                                                                                                                                                                            mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 33.125.183.47
                                                                                                                                                                                                                                                                                                                                                            sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 33.117.173.192
                                                                                                                                                                                                                                                                                                                                                            sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 48.10.23.227
                                                                                                                                                                                                                                                                                                                                                            arm5.nn-20241218-0633.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 56.3.220.202
                                                                                                                                                                                                                                                                                                                                                            arm.nn-20241218-0633.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 32.81.241.213
                                                                                                                                                                                                                                                                                                                                                            ATGS-MMD-ASUShttps://www.ispringsolutions.com/ispring-suiteGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.250.67.239
                                                                                                                                                                                                                                                                                                                                                            YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 57.144.132.1
                                                                                                                                                                                                                                                                                                                                                            twjMb9cX64.exeGet hashmaliciousSliverBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.44.82.197
                                                                                                                                                                                                                                                                                                                                                            WOlxr4yjgF.exeGet hashmaliciousSliverBrowse
                                                                                                                                                                                                                                                                                                                                                            • 51.44.82.197
                                                                                                                                                                                                                                                                                                                                                            x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 32.225.225.156
                                                                                                                                                                                                                                                                                                                                                            mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 33.125.183.47
                                                                                                                                                                                                                                                                                                                                                            sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 33.117.173.192
                                                                                                                                                                                                                                                                                                                                                            sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 48.10.23.227
                                                                                                                                                                                                                                                                                                                                                            arm5.nn-20241218-0633.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 56.3.220.202
                                                                                                                                                                                                                                                                                                                                                            arm.nn-20241218-0633.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                            • 32.81.241.213
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                            fb0aa01abe9d8e4037eb3473ca6e2dcahttps://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                            tightvnc-2.8.59-gpl-setup-64bit.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                            kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                            kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
| fNlxQP0jBz.exe | malicious | Credential Flusher
| LbgqLv7gT7.exe | malicious | Credential Flusher
| fNlxQP0jBz.exe | malicious | Credential Flusher
| LbgqLv7gT7.exe | malicious | Credential Flusher
| file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
| tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
| kjDPynh9vQ.exe | malicious | Credential Flusher
| kjDPynh9vQ.exe | malicious | Credential Flusher
| fNlxQP0jBz.exe | malicious | Credential Flusher
| LbgqLv7gT7.exe | malicious | Credential Flusher
| fNlxQP0jBz.exe | malicious | Credential Flusher
| LbgqLv7gT7.exe | malicious | Credential Flusher
| P0HV8mjHS1.exe | malicious | Credential Flusher
| P0HV8mjHS1.exe | malicious | Credential Flusher
Process: C:\Windows\System32\svchost.exe
File Type: data
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.726309969257778
Encrypted: false
Malicious: false
Preview: binary data; readable strings: C:\ProgramData\Microsoft\Network\Downloader\ and C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Process: C:\Windows\System32\svchost.exe
File Type: Extensible storage user DataBase, version 0x620, checksum 0xfc926e0c, page size 16384, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.7555448392006862
Encrypted: false
Malicious: false
Process: C:\Windows\System32\svchost.exe
File Type: PGP symmetric key encrypted data - salted & iterated -
Category: dropped
Size (bytes): 16384
Entropy (8bit): 0.07768897004248154
Encrypted: false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:n0l/EYe7oZElNaAPaU1l4Ro6ylluxmO+l/SNxOf:c/Ez7S4NDPaUJgmOH
                                                                                                                                                                                                                                                                                                                                                                                MD5:EEEA98638145581B3D7FB16267AEA8AD
                                                                                                                                                                                                                                                                                                                                                                                SHA1:AE3B158C6C4630BF1FF45F48E32E74ECB1B147CD
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:E7BC6CA420E4A12D1A6DB350B37A1E8A3A2C7BC7D0C754EFD197EF7D8D758E2A
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:97F927DC9A83A3678DC32D65875FCA1686ED11B90325C84240BD032873130BB0F98F2E629D98F9DC68E9ECF02BF30021AAECAFB64D15C1A137B5742448F1186D
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.173358157724524
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:3BMX1BCcbhbVbTbfbRbObtbyEl7nNgrrmJA6unSrDtTkdxSofP:3iCcNhnzFSJtgrrl1nSrDhkdxL
                                                                                                                                                                                                                                                                                                                                                                                MD5:34D7ADCB9B6A545F003D291612540813
                                                                                                                                                                                                                                                                                                                                                                                SHA1:F3ADC5892E75A2FA3B5238CF6B41EDDE1D7D2FD1
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:31BB1625F236FDFE37899FF1F1DDFC85BFD16C9A92AC3EF359BC24CCE6338331
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:5AA4D3FF5FA7056517DA02721FA77ED7346C80CBF1976682FFB884020FE76ABAFC5027A21171E7708167649330EAE190384D820034DF74D1B062C74C43DE55D4
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:{"type":"uninstall","id":"001ccfb1-388d-494d-b546-9d4165d0a845","creationDate":"2024-12-18T12:03:17.000Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:NlllulJnp/p:NllU
                                                                                                                                                                                                                                                                                                                                                                                MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                                                                                                                                                                                                                                                                                                SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:@...e.................................X..............@..........
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                                MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                                SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                                MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                                SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):6224
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7194079521598984
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:P2gDslLtp/3Cy2U2UJpAukvhkvklCywI1I40lHJASogZod10VI40lwASogZod1g1:eUY/3CwTJ/kvhkvCCtkI40BHLI406HH
                                                                                                                                                                                                                                                                                                                                                                                MD5:B8D62E4F8DA805AC1FB8746F823A4C17
                                                                                                                                                                                                                                                                                                                                                                                SHA1:114299A46A1D3DF3C49DD577CE1253D568BFAE3E
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:228CCBF49A364E425C629EB202CAB5BF1840AF5F853C5F6BE4F399E087BFEB8C
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:47329AD06C9E1E2970F815715C8ECB6BA1350CE76F301EFDDDDC808E6BD719FEC0187042C82AAD28E1BD5FA2E771A67B919B247007248E36AF6B5B425A91BBFE
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):6224
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7194079521598984
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:P2gDslLtp/3Cy2U2UJpAukvhkvklCywI1I40lHJASogZod10VI40lwASogZod1g1:eUY/3CwTJ/kvhkvCCtkI40BHLI406HH
                                                                                                                                                                                                                                                                                                                                                                                MD5:B8D62E4F8DA805AC1FB8746F823A4C17
                                                                                                                                                                                                                                                                                                                                                                                SHA1:114299A46A1D3DF3C49DD577CE1253D568BFAE3E
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:228CCBF49A364E425C629EB202CAB5BF1840AF5F853C5F6BE4F399E087BFEB8C
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:47329AD06C9E1E2970F815715C8ECB6BA1350CE76F301EFDDDDC808E6BD719FEC0187042C82AAD28E1BD5FA2E771A67B919B247007248E36AF6B5B425A91BBFE
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.930320673877698
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLjE8P:gXiNFS+OcUGOdwiOdwBjkYLjE8P
                                                                                                                                                                                                                                                                                                                                                                                MD5:0E3B6E4BADE6A17BCAB8E9DC727CC3E9
                                                                                                                                                                                                                                                                                                                                                                                SHA1:EF9C744302DD8C2B4FAF817056FBEC33AE11D6BA
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:A251E5BF937B08FAE8F1097D66EBA4FB184A839A8B065B86B758E6E7F75C7563
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:4DD4FE9563BE28FA7950DE31E47DBD41C6E5644070866F9F23A14DB9DE8FA9FB781E772DC1314CCCA754D5A009168F7799D2D1FA14A7605811FD18C5CA28F8F1
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                                                MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                                                SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                                MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                                SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905141882491872
Encrypted:false
SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
MD5:8736A542C5564A922C47B19D9CC5E0F2
SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                                MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                                SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: , Detection: malicious
• Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: fNlxQP0jBz.exe, Detection: malicious
• Filename: LbgqLv7gT7.exe, Detection: malicious
• Filename: fNlxQP0jBz.exe, Detection: malicious
• Filename: LbgqLv7gT7.exe, Detection: malicious
• Filename: P0HV8mjHS1.exe, Detection: malicious
• Filename: P0HV8mjHS1.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                                MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                                SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.035615874395153645
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:GtlstF0nVaq/EBr94lstF0nVaq/EBrlZ89//alEl:GtWt2ntoR4Wt2ntoJZ89XuM
                                                                                                                                                                                                                                                                                                                                                                                MD5:36300A541AD988B3AB5ADBF77E5AD9C0
                                                                                                                                                                                                                                                                                                                                                                                SHA1:2D9A1CD4F869DC4584338928E8C84E23A7076F79
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:87389A84BA9EBA3C98467A65F0A88D845B8B4FF9C626F3EAC3F200745EAEEAE2
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:7C6D88593DA8F164EE2F8DD87FEA7D97AF23ADC3CBF288B4DBEBDF4A78903A56691CB812F2A520B66621110A962472B973755D41B73F3534DFFA728E0CA8653E
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.03474568229166295
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:Ol19aFyjIgfAdMyavx5SrV//mwl8XW3R2:KyyshQSpuw93w
                                                                                                                                                                                                                                                                                                                                                                                MD5:4E54BFDDE05FC4078B6C3FCF21AB3AB5
                                                                                                                                                                                                                                                                                                                                                                                SHA1:4296AC2F5746E35A25D46CA3D5D90A7ACCD85B7B
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:30372B1858B563E69F19D94E83C57BA8453A6C9FFDC7ED45E0BE2454BCA2749A
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:8969F562132DF1FD69FEA2525B4732A3C06324D743BCED69FB72820923529A4A4297B22C5E6EB7562DF87E0FCC15550A3FC699FDBE95797C0E6A8F2971F90F4A
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.467092496338889
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:1nTFTRRUYbBp6YLZNMGaXV6qU41rzy+/3/7bIM5RYiNBw8dFSl:1KexFNMQi3yC8kdw60
                                                                                                                                                                                                                                                                                                                                                                                MD5:2E3CABB4DF758EC0C350D1C40BCC5C18
                                                                                                                                                                                                                                                                                                                                                                                SHA1:5B2269DFE5C3F2BFF44B82FA7D810663FEA1D7FC
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:33FF3E5B278FBA588C5B199A6E59D766F7E0F405951D60464ED35B2857D690A4
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:83033BFBA979F245ACF98E6037489576FA02AFA9C36A460FEE08FECE41CB126BC820A4D6BA534A11D488FB888935F959AFDC5A3A512C9C3747BC9AD283BE28E0
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734523366);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734523366);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734523366);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173452
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                                MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                                SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                                MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                                SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 5856 bytes
                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1576
                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.344892577359836
                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:2pOxxQheU7KyrnSMPO3TptwfwoLYLTRhpK:be+2SMG33YMdhpK
                                                                                                                                                                                                                                                                                                                                                                                MD5:1C56F6F8CBD586B15EDBC36A20B3F9E8
                                                                                                                                                                                                                                                                                                                                                                                SHA1:DEAF98C323A37D48E12BE1D2305313BA00A368C3
                                                                                                                                                                                                                                                                                                                                                                                SHA-256:F01CA167C9E01D5D0B6FF57CDA0B887283F7EC4445A79255FF700F808A70A760
                                                                                                                                                                                                                                                                                                                                                                                SHA-512:B3611E5E8ECD2A74CD7DB6FFF82E591E44BE6DB07B527E48A31A59B514161AE218FA07DAC714FB781114F6C48CE9902CE96975B7596124B5C215F1C814772F9E
                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{d760ff61-81a4-47fe-bbf2-22edee787bd8}","resultPrincipalURI":null,"hasUserInteracte...false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1734523387791,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT[.@],"_...C..`GroupCG..":-1,"busy...t...Flags":2167541758....dth":1164,"height":8...screenX":4...Y..Aizem..."normal"...BeforeMinimiz...#..workspace4...46f3a197-db49-410a-81b3-94975c835573","z>..1...Wh..f........e..4....1":{..mUpdate...startTim..P36102...centCrash..B0},".....Dcook.. ho]..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..`"taarI..bsecure...,[.Donly..fexpiry...v..9,"originA...."firstP
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):4096
Entropy (8bit):2.042811512334329
Encrypted:false
SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
MD5:21235938025E2102017AC8C9748948A4
SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
Malicious:false
Preview:SQLite format 3
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.008925882828131
Encrypted:false
SSDEEP:48:YrSAY3HqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yc3CTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:34E298708958B57F0E3F92C80A964FDB
SHA1:C0C8B1442FADDA7650C5FAC1E7E2AE6CE9B61D81
SHA-256:58BD5A8BB378D352DA62FBE7BBD03C85A831129B4A15DC80CA3BA68FAF3D3584
SHA-512:6129B7390965C950277F5AD9C4C4E6C75A79E500DD355A3603F16B5014A87102A128B0A43EBEA894B60AAD6F6F80C58D477712ECB2E92AC04CD555F56485DE29
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-18T12:02:37.256Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):138
Entropy (8bit):4.508320854687134
Encrypted:false
SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJ8KgfHVEBQulvhJBAuqRrHvN+M4fHhY:YGNTG/SJ8Kgf1Epv54rH0vHhY
MD5:3D077488383DEAFEC70CCB166831D6F9
SHA1:86CEAB4DE0AA8937A5AB50CE230C8F8335687B04
SHA-256:D7AD2ADEBD1FD25B9A749DF2AF8E8FC4185CBBDDF321C07D07FD34C240FDE8CE
SHA-512:C70A8F7D761DAFA78F38335B4714376C1348C7C781E3D6C98E93481A3469EE5E34D3AA10F4D78C1C48C8CB5C903677E8A74A733299150F8EB3996A64979FF51B
Malicious:false
Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"sizemode":"normal","screenX":"4","screenY":"4","width":"1164","height":"891"}}}
Process:C:\Windows\System32\svchost.exe
File Type:JSON data
Category:dropped
Size (bytes):55
Entropy (8bit):4.306461250274409
Encrypted:false
SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:DCA83F08D448911A14C22EBCACC5AD57
SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:false
Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
File type: ASCII text, with CRLF line terminators
Entropy (8bit): 5.198066849637537
TrID:
File name: do.ps1
File size: 2'372 bytes
MD5: 7ba537d48ce1c8a2bff3fb660bbdc665
SHA1: 53a23738f65ccdcb29a7ed42a90060caf860e5c3
SHA256: dc2811fd6fc3f139fc9d1419913fd5598ed3c1f0ec94f0754edfabb10d171593
SHA512: 898abb12822494f281078f7583dbbbbe09ecb8e064338e3b0ed6cd1bf51fcae22437a8b42269b498d1138ec46be7b62d133008a80d864ac7e21feb8ef7e30c80
SSDEEP: 48:d5d/4g/2q5gqm6TW7nnWfi1cU8zd3l+22SxuEMJQfweVX8gRBaO6RtR:Hii2bWK1cUcd3slEYS6RtR
TLSH: 56419ADDCACA01642F67D7F626901C46B6A6581CF1990193B1BF0543DBE8BDA41CF12D
File Content Preview: $firefoxPathX86 = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"..$firefoxPathX64 = "C:\Program Files\Mozilla Firefox\firefox.exe"..$operaGXPathX86 = "$env:UserProfile\AppData\Local\Programs\Opera GX\opera.exe"..$operaGXPathX64 = "$env:UserProfile\A
Icon Hash: 3270d6baae77db44
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.820265055 CET4973080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.939980030 CET804973034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.210613012 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.210659981 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.211524010 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.211669922 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.211678982 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.212321043 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.212331057 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.212450027 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.213884115 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.213892937 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.223119020 CET49734443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.223162889 CET4434973434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.223289013 CET49734443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.223380089 CET49734443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.223392010 CET4434973434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.269432068 CET4972280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.389571905 CET804972234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.444822073 CET4434972835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.444894075 CET49728443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.449517965 CET49728443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.449527979 CET4434972835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.449599981 CET49728443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.449748993 CET4434972835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.449806929 CET49728443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.583873987 CET804972234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.627779961 CET4972280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.642086983 CET4973080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.754637957 CET4972280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.756361961 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.762442112 CET804973034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.770914078 CET4973080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.874252081 CET804972234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.875835896 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.875911951 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.876161098 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.936319113 CET4434973134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.937597036 CET49731443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.942516088 CET49731443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.942538023 CET4434973134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.942591906 CET49731443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.942682028 CET4434973134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.942889929 CET49731443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.995628119 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.068831921 CET804972234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.122592926 CET4972280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.423490047 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.429898977 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.431868076 CET4434973434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.435326099 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.435359955 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.435359955 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.438262939 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.438267946 CET49734443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.454426050 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.454433918 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.454665899 CET4434973235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.473634958 CET49734443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.473679066 CET4434973434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.473896980 CET4434973434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.514427900 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:49.514514923 CET49732443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.377695084 CET4434976935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.377943993 CET4434976935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.380721092 CET49769443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.380816936 CET49769443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.380866051 CET4434976935.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:00.380944014 CET49769443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.202878952 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.202944040 CET4434977534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.203109980 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.204534054 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.204561949 CET4434977534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.330430984 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.450058937 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.644088030 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:01.701009035 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.363254070 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.367584944 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.367650032 CET4434977734.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.368549109 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.370075941 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.370086908 CET4434977734.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.425481081 CET4434977534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.425571918 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.430877924 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.430907965 CET4434977534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.430965900 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.431169033 CET4434977534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.431231976 CET49775443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.482985973 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.489283085 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.489339113 CET4434977834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.489433050 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.490854979 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.490869045 CET4434977834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.500725985 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.621467113 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.645239115 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.645330906 CET4434977934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.645431042 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.646840096 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.646877050 CET4434977934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.678505898 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.728807926 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.815548897 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.822386980 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.860347033 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.942116976 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.136548996 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.184910059 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.583520889 CET4434977734.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.583607912 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.702876091 CET4434977834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.702944040 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.855736017 CET4434977934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:03.855839968 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769625902 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769658089 CET4434977734.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769747972 CET49777443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769833088 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769864082 CET4434977834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769923925 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769956112 CET4434977934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:06.769999027 CET49778443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.685854912 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.223210096 CET4434979934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.223320961 CET49799443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.226722956 CET49799443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.226736069 CET4434979934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.227016926 CET4434979934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.228914976 CET49799443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.229036093 CET49799443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.229077101 CET4434979934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.229216099 CET49799443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.231929064 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.238349915 CET4434980034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.238687992 CET49800443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.241533995 CET49800443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.241552114 CET4434980034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.241811037 CET4434980034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.243905067 CET49800443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.244031906 CET49800443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.244043112 CET4434980034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.245018959 CET49800443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.262389898 CET4434980234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.262799025 CET49802443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.264478922 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.265423059 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.266123056 CET49802443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.266140938 CET4434980234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.266375065 CET4434980234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.268533945 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.268557072 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.268953085 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271327972 CET49802443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271437883 CET49802443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271455050 CET4434980234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271465063 CET4434980234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271663904 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271718979 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271848917 CET4434980134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.271967888 CET49801443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.273678064 CET49802443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.285561085 CET4434980334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.285654068 CET49803443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.291035891 CET49803443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.291058064 CET4434980334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.291136026 CET49803443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.291266918 CET4434980334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.291750908 CET49803443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.294969082 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.295012951 CET4434980634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.295188904 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.296607971 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.296622992 CET4434980634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.351632118 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.557115078 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.560445070 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.604171038 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.679940939 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.874053955 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.920614004 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.501501083 CET4434980634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.501600027 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.507251978 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.507273912 CET4434980634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.507375002 CET49806443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.120242119 CET4434981734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.120341063 CET49817443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.149211884 CET4434981935.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.149296999 CET49819443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.154426098 CET49819443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.154450893 CET4434981935.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.154548883 CET49819443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.154581070 CET4434981935.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.155188084 CET49819443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.223009109 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.263595104 CET44349820151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.263694048 CET49820443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.266710043 CET49820443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.266727924 CET44349820151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.266983032 CET44349820151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.269879103 CET49820443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.269975901 CET49820443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.270078897 CET44349820151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.276715040 CET49820443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.278939009 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.278987885 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.279376030 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.279485941 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.279494047 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.281280041 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.281311989 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.281517029 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.281603098 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.281613111 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.283294916 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.283345938 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.283401966 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.283495903 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.283508062 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.294831991 CET4434982135.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.294904947 CET49821443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.298707962 CET49821443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.298738956 CET4434982135.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.298800945 CET49821443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.298871040 CET4434982135.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.299122095 CET49821443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.313904047 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.313956976 CET4434982634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.314507008 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.314609051 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.314626932 CET4434982634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.416975975 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.420839071 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.462311029 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.540447950 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.734757900 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.778834105 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.486891031 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.487108946 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.488456964 CET4434982335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.489815950 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.490117073 CET49824443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.490128994 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.490329981 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.490329981 CET49823443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.490550041 CET4434982435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.492716074 CET49825443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.492724895 CET4434982535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.683837891 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.683854103 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.683912039 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.683953047 CET49903443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.683964968 CET4434990334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684051037 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684060097 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684081078 CET49903443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684130907 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684146881 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684220076 CET49903443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.684230089 CET4434990334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.887547970 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.887690067 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.888983011 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.889002085 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.889075994 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.889094114 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.889112949 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.889255047 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.891199112 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.891213894 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.891495943 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.892563105 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.893012047 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.893203020 CET4434990334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.893927097 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.893944025 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.894182920 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.896277905 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.896302938 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.896625042 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.897177935 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.897192001 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.897223949 CET49903443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.900230885 CET49903443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.900262117 CET4434990334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.900505066 CET4434990334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.902529955 CET49902443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.902542114 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.902868986 CET4434990234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.904700994 CET49901443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.904731989 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.905004978 CET4434990134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.908627987 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.908838034 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.908881903 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.909079075 CET49898443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.909099102 CET4434989834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.910154104 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.910201073 CET4434990834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911218882 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911243916 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911396027 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911442041 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911854029 CET49899443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911874056 CET4434989934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911912918 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.911919117 CET4434990034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.912576914 CET49909443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.912611008 CET4434990934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.912827015 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.912839890 CET49900443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:16.663717031 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:16.826982021 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:16.977624893 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:17.097758055 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:26.829557896 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:26.949151039 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:27.114978075 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:27.235582113 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.077107906 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.077155113 CET4435001334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.077234983 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.078804016 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.078828096 CET4435001334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.285048962 CET4435001334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.285253048 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.293006897 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.293020010 CET4435001334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.293164968 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.293180943 CET4435001334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.293433905 CET50013443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.296308994 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.419600964 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.610335112 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.613867998 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.653515100 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.733771086 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.927620888 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:29.976596117 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:39.623142958 CET4974480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:39.742696047 CET804974434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:39.939486980 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:40.059767962 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.310941935 CET6546853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.311744928 CET5410653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.450815916 CET53541061.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.588047028 CET5244253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.588661909 CET5510753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.589647055 CET5830753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.726821899 CET53524421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.727598906 CET5377753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.728183985 CET53583071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.728744030 CET6328653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.731162071 CET53551071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.732506990 CET5262653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.865839958 CET53632861.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.867736101 CET53537771.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:45.870093107 CET53526261.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.473864079 CET6252953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.491368055 CET6087153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.541193008 CET5624753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.542532921 CET5106653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.611301899 CET53625291.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.628777981 CET53608711.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.679322958 CET53562471.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.700562954 CET6134853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.837301970 CET53613481.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.839132071 CET6419553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:47.977130890 CET53641951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.072711945 CET6046653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.073482037 CET5828653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.209798098 CET53604661.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.211350918 CET6456453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:51:48.212718964 CET6533253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:23.189312935 CET6113353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:23.340068102 CET53611331.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.673566103 CET5379553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.810674906 CET53537951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.921533108 CET5668553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.855201006 CET6350753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.992248058 CET53635071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:27.924034119 CET6500953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.075875044 CET53650091.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.077660084 CET6186653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.217026949 CET53618661.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:11.943320990 CET192.168.2.61.1.1.10xb8fbStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.044038057 CET192.168.2.61.1.1.10x772dStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.083708048 CET192.168.2.61.1.1.10xe660Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.183119059 CET192.168.2.61.1.1.10xeaffStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.222443104 CET192.168.2.61.1.1.10xfdcdStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:23.189312935 CET192.168.2.61.1.1.10x8a1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:42.673566103 CET192.168.2.61.1.1.10x40d2Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.921533108 CET192.168.2.61.1.1.10xc6adStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.855201006 CET192.168.2.61.1.1.10x68acStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:27.924034119 CET192.168.2.61.1.1.10x4897Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:53:28.077660084 CET192.168.2.61.1.1.10x5eccStandard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924247026 CET1.1.1.1192.168.2.60xf081No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924412966 CET1.1.1.1192.168.2.60x16a8No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924412966 CET1.1.1.1192.168.2.60x16a8No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924997091 CET1.1.1.1192.168.2.60xa0e3No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:08.924997091 CET1.1.1.1192.168.2.60xa0e3No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.061933041 CET1.1.1.1192.168.2.60xede9No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.062505960 CET1.1.1.1192.168.2.60x6ad3No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.064126968 CET1.1.1.1192.168.2.60x2273No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.200035095 CET1.1.1.1192.168.2.60x43f8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.200035095 CET1.1.1.1192.168.2.60x43f8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.200035095 CET1.1.1.1192.168.2.60x43f8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.200035095 CET1.1.1.1192.168.2.60x43f8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.201075077 CET1.1.1.1192.168.2.60x14dbNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.206188917 CET1.1.1.1192.168.2.60x4954No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339677095 CET1.1.1.1192.168.2.60x73fcNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339677095 CET1.1.1.1192.168.2.60x73fcNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339677095 CET1.1.1.1192.168.2.60x73fcNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339677095 CET1.1.1.1192.168.2.60x73fcNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339677095 CET1.1.1.1192.168.2.60x73fcNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.339809895 CET1.1.1.1192.168.2.60x8492No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.477530956 CET1.1.1.1192.168.2.60x39a7No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.480566025 CET1.1.1.1192.168.2.60xa82fNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.480566025 CET1.1.1.1192.168.2.60xa82fNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.480566025 CET1.1.1.1192.168.2.60xa82fNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.480566025 CET1.1.1.1192.168.2.60xa82fNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.042678118 CET1.1.1.1192.168.2.60x5ef1No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.042678118 CET1.1.1.1192.168.2.60x5ef1No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.042678118 CET1.1.1.1192.168.2.60x5ef1No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.042678118 CET1.1.1.1192.168.2.60x5ef1No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.082437038 CET1.1.1.1192.168.2.60xb8fbNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.082437038 CET1.1.1.1192.168.2.60xb8fbNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.182346106 CET1.1.1.1192.168.2.60x772dNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.182346106 CET1.1.1.1192.168.2.60x772dNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.182346106 CET1.1.1.1192.168.2.60x772dNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.182346106 CET1.1.1.1192.168.2.60x772dNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.221565962 CET1.1.1.1192.168.2.60xe660No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.322293997 CET1.1.1.1192.168.2.60xeaffNo error (0)services.addons.mozilla.org28IN (0x0001)false
Dec 18, 2024 11:52:12.322293997 CET | 1.1.1.1 | 192.168.2.6 | 0xeaff | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 18, 2024 11:52:12.322293997 CET | 1.1.1.1 | 192.168.2.6 | 0xeaff | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 18, 2024 11:52:12.322293997 CET | 1.1.1.1 | 192.168.2.6 | 0xeaff | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 18, 2024 11:52:15.088421106 CET | 1.1.1.1 | 192.168.2.6 | 0x817f | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 11:52:15.088421106 CET | 1.1.1.1 | 192.168.2.6 | 0x817f | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 11:52:44.327120066 CET | 1.1.1.1 | 192.168.2.6 | 0xc6ad | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 11:52:44.327120066 CET | 1.1.1.1 | 192.168.2.6 | 0xc6ad | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 11:53:28.075875044 CET | 1.1.1.1 | 192.168.2.6 | 0x4897 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49722 | 34.107.221.82 | 80 | 5756 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 11:51:46.179003000 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:47.261913061 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80643
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:51:48.269432068 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:48.583873987 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80644
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:51:48.754637957 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:49.068831921 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80644
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49730 | 34.107.221.82 | 80 | 5756 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 11:51:47.820265055 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49735 | 34.107.221.82 | 80 | 5756 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 11:51:48.876161098 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49742 | 34.107.221.82 | 80 | 5756 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 11:51:50.225642920 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 18, 2024 11:51:51.306113005 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69694
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 18, 2024 11:51:53.606142044 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 18, 2024 11:51:53.920757055 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69696
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 18, 2024 11:51:57.511868954 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 18, 2024 11:51:57.838298082 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69700
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 18, 2024 11:51:58.461502075 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 18, 2024 11:51:59.119342089 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69701
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
Dec 18, 2024 11:52:02.363254070 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:02.678505898 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69705
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:02.822386980 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:03.136548996 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69705
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:07.138281107 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:07.452001095 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69710
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:08.319240093 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:08.632453918 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69711
Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.560445070 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:09.874053955 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69712
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.827418089 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:11.141336918 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69713
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.054414034 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:12.368268013 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69715
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.420839071 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:13.734757900 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69716
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:14.829181910 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:15.143601894 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69717
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:23.193835974 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:23.512170076 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69726
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:24.730005026 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:25.056154013 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 15:30:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 69727
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:35.056591988 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.336263895 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.649888039 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69747
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:45.754734993 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:46.068325996 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69748
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:46.392730951 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:52:46.707634926 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69749
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:52:56.713437080 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 18, 2024 11:53:06.842745066 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 18, 2024 11:53:16.977624893 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 18, 2024 11:53:27.114978075 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 18, 2024 11:53:29.613867998 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 18, 2024 11:53:29.927620888 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 17 Dec 2024 15:30:17 GMT
Age: 69792
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 18, 2024 11:53:39.939486980 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49744 | 34.107.221.82 | 80 | 5756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 11:51:50.301738977 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:51.383461952 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80647
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:51:53.607397079 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:53.923367023 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80649
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:51:57.517402887 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:51:57.840127945 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80653
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:01.330430984 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:01.644088030 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80657
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:02.500725985 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:02.815548897 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80658
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:06.820432901 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:07.134041071 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80662
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:08.002629042 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:08.316225052 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80664
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:09.231929064 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:09.557115078 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80665
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:10.510035038 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:10.824222088 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80666
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:11.735265970 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:12.051774979 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80667
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:13.102279902 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:13.416975975 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80669
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:14.506650925 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:14.826060057 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80670
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:22.869923115 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 18, 2024 11:52:23.190016985 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 17 Dec 2024 12:27:44 GMT
Age: 80679
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:24.412300110 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:24.726295948 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80680
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:34.740067005 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:43.921222925 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.229330063 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:44.333266020 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80700
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:45.423813105 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                  Dec 18, 2024 11:52:45.751430035 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80701
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:46.073982000 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 18, 2024 11:52:46.389580011 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80702
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:52:56.396831989 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
Dec 18, 2024 11:53:06.526674032 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
Dec 18, 2024 11:53:16.663717031 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
Dec 18, 2024 11:53:26.829557896 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
Dec 18, 2024 11:53:29.296308994 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 18, 2024 11:53:29.610335112 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 12:27:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                  Age: 80745
                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 18, 2024 11:53:39.623142958 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:



                                                                                                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                  Start time:05:51:36
                                                                                                                                                                                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\do.ps1"
                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                                                                                                                  Start time:05:51:36
                                                                                                                                                                                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:05:51:39
Start date:18/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:05:51:39
Start date:18/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:05:51:39
Start date:18/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:6
Start time:05:51:40
Start date:18/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff7403e0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:05:51:40
Start date:18/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b7867fa-94d4-4a64-a53d-5a509b36e200} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a6d110 socket
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:05:51:42
Start date:18/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -parentBuildID 20230927232528 -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26099 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7385eb-5e95-4c83-80c2-8aa8c723d91c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172c9a88110 rdd
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                                                                                                                                  Start time:05:51:59
                                                                                                                                                                                                                                                                                                                                                                                  Start date:18/12/2024
                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5356 -prefMapHandle 5364 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {766fdaca-8b5d-4736-82b6-44cb10509d0c} 5756 "\\.\pipe\gecko-crash-server-pipe.5756" 172e2826f10 utility
                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2203158457.00007FFD34890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34890000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd34890000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2203158457.00007FFD34890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34890000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd34890000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:

                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:0.9%
                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:6
                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                                                                                                    execution_graph 5107 17a58d43db7 5108 17a58d43dc7 NtQuerySystemInformation 5107->5108 5109 17a58d43d64 5108->5109 5110 17a58d64df2 5111 17a58d64e49 NtQuerySystemInformation 5110->5111 5112 17a58d631c4 5110->5112 5111->5112

                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.3400064602.0000017A58D62000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017A58D62000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_17a58d62000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                                    • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3562636166-3072146587
                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.3399600178.0000017A58D41000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017A58D41000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_17a58d41000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ea17f937e59577147d58e7faa18c74e0df99eea999162ccd71416b219177d925
                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FA3E232658A4C8BDB2DDF28DC856E973E5FB95700F44422ED94BC7251DF34EA428B82

                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.3399600178.0000017A58D4A000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017A58D4A000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_17a58d4a000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5a0055d3bed292031c6bba7f3977f0d56f98cf6e22533ef92ca0f8e883deff59
                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 71e60ebefb9f15b4d9e516d35a4a15d76be0ac50cf9da90b93d79c5653dd5038
                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a0055d3bed292031c6bba7f3977f0d56f98cf6e22533ef92ca0f8e883deff59
                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67528431309D188FEB5AEB18DC95BF933E1E7A8711B44412BD44BC32A5DE78EA4687C1