Windows Analysis Report
ghostspider.7z

Overview

General Information

Sample name: ghostspider.7z
Analysis ID: 1578577
MD5: d47be3f859cd49567581bf2e483befa8
SHA1: 175916ca5555b66cc5cc3f448ca6f86c91556787
SHA256: 61da51c3d4dd5531b94af2d6b7b44387e16cc05a7a869e1f811f78ad9370c51b
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Found evasive API chain (may stop execution after checking mutex)
Suspicious execution chain found
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OpenWith.exe (PID: 5632 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • 7zG.exe (PID: 6460 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap28794:76:7zEvent23616 MD5: 50F289DF0C19484E970849AAC4E6F977)
  • chrome.exe (PID: 6624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,12126770736487860742,9074407997939773988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • firefox.exe (PID: 6264 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4184 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7308 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca1f93b-892a-4cf5-96f3-919450b7d7c4} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e66bf10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7932 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1296 -parentBuildID 20230927232528 -prefsHandle 1012 -prefMapHandle 3740 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {808291e4-2907-4e3f-a658-f7c702fa90e6} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e642c10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5148 -prefMapHandle 5132 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd672c1d-b325-458e-8e64-4058bac39e4d} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b1c03df10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cmd.exe (PID: 8168 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • regsvr32.exe (PID: 4608 cmdline: regsvr32 /s dbghelp.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • rundll32.exe (PID: 4540 cmdline: rundll32 dbghelp.dll,#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 4836 cmdline: rundll32 wintrust.dll,#1 MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 2544 cmdline: C:\Windows\system32\WerFault.exe -u -p 4836 -s 348 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 7816 cmdline: rundll32 help.dll,#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • regsvr32.exe (PID: 7536 cmdline: regsvr32 /s help.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • rundll32.exe (PID: 7488 cmdline: rundll32 help.dll,#2 MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 4180 cmdline: C:\Windows\system32\WerFault.exe -u -p 7488 -s 360 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 3132 cmdline: rundll32 help.dll,#3 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2068 cmdline: rundll32 wintrust.dll,#16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 3532 cmdline: rundll32 wintrust.dll,#161 MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
Source: Process started. Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems). Data: Command: regsvr32 /s dbghelp.dll, CommandLine: regsvr32 /s dbghelp.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8168, ParentProcessName: cmd.exe, ProcessCommandLine: regsvr32 /s dbghelp.dll, ProcessId: 4608, ProcessName: regsvr32.exe
No Suricata rule has matched

AV Detection

Source: C:\Users\user\Desktop\dbghelp.dll ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\help.dll ReversingLabs: Detection: 58%
Source: C:\Users\user\Desktop\wintrust.dll ReversingLabs: Detection: 62%

Software Vulnerabilities

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Child: C:\Windows\System32\rundll32.exe
Source: firefox.exe Memory has grown: Private usage: 1MB later: 262MB
Source: unknown Network traffic detected: DNS query count 31
Source: Joe Sandbox View IP Address: 151.101.65.91
Source: Joe Sandbox View IP Address: 34.117.188.166
Source: Joe Sandbox View IP Address: 34.149.100.209
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.84.254
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000000E.00000003.1476900108.0000025B2D7B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1476900108.0000025B2D7B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1556667136.0000025B2BF65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560478725.0000025B266FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1630624358.0000025B2B711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1559496803.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560478725.0000025B266EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1534723075.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1656887097.0000025B1ED9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1ED7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557623898.0000025B2B943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1706170299.0000025B1F48F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1556667136.0000025B2BF65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560478725.0000025B266FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1630624358.0000025B2B711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1559496803.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560478725.0000025B266EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1534723075.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1665225647.0000025B27F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1665225647.0000025B27F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.1665225647.0000025B27F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1532578894.0000025B2D6E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1476900108.0000025B2D7B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1795950846.0000025B206D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1798814443.0000025B1FBE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1883771152.0000025B206D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2043579064.0000025B1F5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1806271441.0000025B1F5B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1569109867.0000025B1F532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.1619851807.0000025B2B7ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1559496803.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1534723075.0000025B2B7E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: www.reddit.com
Source: global trafficDNS traffic detected: DNS query: twitter.com
Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: firefox.exe, 0000000E.00000003.1639560034.0000025B2179D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000E.00000003.1695518077.0000025B1FB96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000000E.00000003.1695518077.0000025B1FB96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000000E.00000003.1695518077.0000025B1FB96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000000E.00000003.1695518077.0000025B1FB96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 0000000E.00000003.1605534485.0000025B1C3B3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1895019643.0000025B2E8BC000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: help.dll.9.dr String found in binary or memory: https://billing.clothworls.com/index.php
Source: wintrust.dll.9.dr String found in binary or memory: https://copilot.brillianthdesigns.com/home/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F820000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000E.00000003.1650987158.0000025B208D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000E.00000003.1650987158.0000025B208D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000E.00000003.1650987158.0000025B208D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000E.00000003.1650987158.0000025B208D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 0000000E.00000003.1858648589.0000025B1A895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1659556334.0000025B1E60F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1812914914.0000025B1E618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.1859545521.0000025B1A862000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000E.00000003.1870659602.0000025B1C5E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000000E.00000003.1805189290.0000025B1F822000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1535499764.0000025B216F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000E.00000003.1681168735.0000025B26688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1639408689.0000025B26688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1476900108.0000025B2D7B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1634726183.0000025B2663C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000E.00000003.1481037959.0000025B2D57E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 0000000E.00000003.1481037959.0000025B2D57E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 0000000E.00000003.1481037959.0000025B2D57E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000018.00000002.2472527959.000002B19C38F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.1459596972.0000025B2B872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 0000000E.00000003.1849317218.0000025B1C56E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000E.00000003.1560478725.0000025B266C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000E.00000003.1604583090.0000025B1C3AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000E.00000003.1481037959.0000025B2D57E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 0000000E.00000003.1857565719.0000025B1A8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.1858648589.0000025B1A895000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.1974271755.0000025B1F138000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000E.00000003.1857565719.0000025B1A8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: chromecache_126.12.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000E.00000003.1459596972.0000025B2B872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 0000000E.00000003.1459596972.0000025B2B872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
Source: chromecache_123.12.drString found in binary or memory: https://plus.google.com
Source: chromecache_123.12.drString found in binary or memory: https://plus.googleapis.com
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B2839B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000E.00000003.1850401632.0000025B1C55D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 0000000E.00000003.1690040187.0000025B204F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1647796205.0000025B2095C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1674678804.0000025B2095C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.1798895854.0000025B1FBDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2043250714.0000025B1F5F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1936599916.0000025B1F5F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 0000000E.00000003.1859545521.0000025B1A862000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 0000000E.00000003.1850530379.0000025B1C539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 0000000E.00000003.1850530379.0000025B1C539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 0000000E.00000003.1850530379.0000025B1C539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 0000000E.00000003.1850530379.0000025B1C539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 0000000E.00000003.2016065319.0000025B1E92D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 0000000E.00000003.1850530379.0000025B1C539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000E.00000003.1714431907.0000025B28154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000E.00000003.1639560034.0000025B2179D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000E.00000003.1639560034.0000025B2179D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1668339069.0000025B217A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1653632393.0000025B217A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000E.00000003.1946993525.0000025B28154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714431907.0000025B28154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000E.00000003.1811542606.0000025B1E6A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com
Source: firefox.exe, 0000000E.00000003.1727715479.0000025B1E6C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000E.00000003.1622161002.0000025B2B719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000E.00000003.1639560034.0000025B2179D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1654217607.0000025B206AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.1849317218.0000025B1C56E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000000E.00000003.1391137305.0000025B1BF05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.1525979291.0000025B20A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000E.00000003.1850401632.0000025B1C55D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.1844969443.0000025B1E90B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000E.00000003.1565211880.0000025B209F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1639247486.0000025B283C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1624200371.0000025B283BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1630825597.0000025B283C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.1696242855.0000025B1FB43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.1624200371.0000025B28385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.1725842252.0000025B1E9C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1843496676.0000025B1E9C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000000E.00000003.1725842252.0000025B1E9C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1843496676.0000025B1E9C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.1650987158.0000025B2082D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1566653311.0000025B206C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1654217607.0000025B206CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2035640559.0000025B206D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000E.00000003.1727715479.0000025B1E6C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714431907.0000025B28108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1639560034.0000025B2177D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.1727715479.0000025B1E6C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1625905683.0000025B1FDC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.1630825597.0000025B283B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1624200371.0000025B283B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1664463049.0000025B283B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714431907.0000025B28108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7DCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C3F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000E.00000003.1557623898.0000025B2B96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1EDB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000000E.00000003.1557623898.0000025B2B96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1571152960.0000025B1F1F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1EDB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1ED47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000000E.00000003.1849317218.0000025B1C56E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000E.00000003.1560478725.0000025B266C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000E.00000003.1447921066.0000025B1F9A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 0000000E.00000003.1447921066.0000025B1F9A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49808 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49810 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49809 version: TLS 1.2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_00000242C8379F77 NtQuerySystemInformation, 19_2_00000242C8379F77
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_00000242C83721F2 NtQuerySystemInformation, 19_2_00000242C83721F2
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4836 -s 348
Source: classification engine Classification label: mal56.expl.evad.win7Z@55/67@72/16
Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\dbghelp.dll
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4836
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7488
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: C:\Windows\System32\OpenWith.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 dbghelp.dll,#1
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap28794:76:7zEvent23616
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,12126770736487860742,9074407997939773988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca1f93b-892a-4cf5-96f3-919450b7d7c4} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e66bf10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1296 -parentBuildID 20230927232528 -prefsHandle 1012 -prefMapHandle 3740 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {808291e4-2907-4e3f-a658-f7c702fa90e6} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e642c10 rdd
Source: unknown Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5148 -prefMapHandle 5132 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd672c1d-b325-458e-8e64-4058bac39e4d} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b1c03df10 utility
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s dbghelp.dll
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 dbghelp.dll,#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#1
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4836 -s 348
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s help.dll
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#2
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7488 -s 360
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#3
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#16
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#161
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#16
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: help.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Google Drive.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.11.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 0000000E.00000003.1728553281.0000025B1FB21000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ExplorerFrame.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.1650987158.0000025B20854000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8osclientcerts.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb`= source: firefox.exe, 0000000E.00000003.1598008774.0000025B2B921000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8cryptbase.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 0000000E.00000003.1598008774.0000025B2B921000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iertutil.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8webauthn.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8powrprof.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8MMDevAPI.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.1678178725.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596477413.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1627914534.0000025B2D641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1662354806.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1617556057.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.1678178725.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596477413.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1663061823.0000025B2C8D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1627914534.0000025B2D641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1662354806.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1617556057.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1597146309.0000025B2C8D1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8kernel32.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5F6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8oleaut32.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: firefox.exe, 0000000E.00000003.1601125890.0000025B281D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1625460445.0000025B281E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1679363084.0000025B281DE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8TextInputFramework.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8InputHost.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F820000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8ucrtbase.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.1725842252.0000025B1E9C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1725842252.0000025B1E92B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.1599351735.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1620689532.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8audioses.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netutils.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.1599351735.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1620689532.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8taskschd.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8msvcp_win.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F820000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.1678178725.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596477413.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1627914534.0000025B2D641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1662354806.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1617556057.0000025B2D646000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8advapi32.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netprofm.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.1664570837.0000025B28382000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.1599351735.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1620689532.0000025B2B7A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F820000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.1601125890.0000025B281D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1625460445.0000025B281E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1679363084.0000025B281DE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.1598008774.0000025B2B921000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.1677254266.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1713442168.0000025B2D6A8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000000E.00000003.1895019643.0000025B2E8BC000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr
Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8gdi32full.pdb source: firefox.exe, 0000000E.00000003.1700912847.0000025B1F5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.1598008774.0000025B2B921000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.1664570837.0000025B28382000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdbappmenuitem-more-tools source: firefox.exe, 0000000E.00000003.1666230869.0000025B27F65000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000000E.00000003.1895019643.0000025B2E8BC000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr
Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F806000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.1598008774.0000025B2B921000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F820000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.1633606259.0000025B266FA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.1719587751.0000025B1F810000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8linkinfo.pdb source: firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E8000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.1699692097.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1655524628.0000025B1F8E0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: firefox.exe, 0000000E.00000003.1666230869.0000025B27F65000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F96BF8 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,30_2_00007FFF46F96BF8
Source: dbghelp.dll.9.dr Static PE information: section name: .detourd
Source: dbghelp.dll.9.dr Static PE information: section name: .detourc
Source: wintrust.dll.9.dr Static PE information: section name: .detourd
Source: wintrust.dll.9.dr Static PE information: section name: .detourc
Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s dbghelp.dll
Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\help.dll
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\dbghelp.dll
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\wintrust.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F8CCA0 GetSystemDirectoryW,LoadLibraryExW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,30_2_00007FFF46F8CCA0
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\rundll32.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_30-11362
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_00000242C8379F77 rdtsc 19_2_00000242C8379F77
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 416
Source: C:\Windows\System32\rundll32.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_30-11580
Source: C:\Windows\System32\OpenWith.exe TID: 3740 Thread sleep count: 42 > 30
Source: C:\Windows\System32\rundll32.exe API call chain: ExitProcess graph end node graph_30-11582
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_00000242C8379F77 rdtsc 19_2_00000242C8379F77
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F8E750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_00007FFF46F8E750
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F96BF8 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,30_2_00007FFF46F96BF8
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F8E5F0 free,free,free,GetProcessHeap,HeapFree,30_2_00007FFF46F8E5F0
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F908BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_00007FFF46F908BC
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s dbghelp.dll
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 dbghelp.dll,#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s help.dll
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#2
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 help.dll,#3
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#16
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32 wintrust.dll,#161
Source: firefox.exe, 0000000E.00000003.1582721887.0000025B2DC01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F98F40 GetSystemTimeAsFileTime,30_2_00007FFF46F98F40
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F9BB00 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,30_2_00007FFF46F9BB00
Source: C:\Windows\System32\rundll32.exe Code function: 30_2_00007FFF46F920E4 HeapCreate,GetVersion,HeapSetInformation,30_2_00007FFF46F920E4
Source: Amcache.hve.29.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.29.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.29.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.29.dr Binary or memory string: MsMpEng.exe
MITRE ATT&CK matrix (table layout not preserved)
Tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Techniques shown with a count: Native API, Exploitation for Client Execution, Registry Run Keys / Startup Folder, DLL Side-Loading, Process Injection, Extra Window Memory Injection, Masquerading, Virtualization/Sandbox Evasion, Regsvr32, Rundll32, System Time Discovery, Security Software Discovery, Process Discovery, Application Window Discovery, File and Directory Discovery, System Information Discovery, Archive Collected Data, Encrypted Channel, Ingress Tool Transfer, Non-Application Layer Protocol, Application Layer Protocol
Behavior graph (image not preserved): Behavior Graph ID: 1578577, Sample: ghostspider.7z, Startdate: 19/12/2024, Architecture: WINDOWS, Score: 56

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
C:\Users\user\Desktop\dbghelp.dll | 16% | ReversingLabs | Win32.Adware.Generic |
C:\Users\user\Desktop\help.dll | 58% | ReversingLabs | Win64.Trojan.Generic |
C:\Users\user\Desktop\wintrust.dll | 62% | ReversingLabs | Win64.Backdoor.Ghostspider |
                                                                                        high
                                                                                        http://mozilla.ofirefox.exe, 0000000E.00000003.1601882651.0000025B2D795000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1477638961.0000025B2D795000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://spocs.getpocket.com/spocsfirefox.exe, 0000000E.00000003.1727715479.0000025B1E6C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1625905683.0000025B1FDC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://screenshots.firefox.comfirefox.exe, 0000000E.00000003.1849317218.0000025B1C56E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://mathiasbynens.be/notes/javascript-escapes#singlefirefox.exe, 0000000E.00000003.1481037959.0000025B2D57E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://shavar.services.mozilla.comfirefox.exe, 0000000E.00000003.1565211880.0000025B209F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1639247486.0000025B283C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1624200371.0000025B283BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1630825597.0000025B283C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://completion.amazon.com/search/complete?q=firefox.exe, 0000000E.00000003.1389560418.0000025B1BD00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1391137305.0000025B1BF05000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000E.00000003.1557623898.0000025B2B96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1571152960.0000025B1F1F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1EDB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1ED47000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000E.00000003.1532886101.0000025B2D6BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://monitor.firefox.com/breach-details/firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000E.00000003.1696242855.0000025B1FB4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.1389560418.0000025B1BD00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1666029425.0000025B27F6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1525979291.0000025B20A5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1391137305.0000025B1BF05000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://profiler.firefox.com/firefox.exe, 0000000E.00000003.1850401632.0000025B1C55D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03firefox.exe, 0000000F.00000002.2473222475.000001A28B2CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2484920038.000002B19C603000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                        high
                                                                                                                        http://mozilla.org/0firefox.exe, 0000000E.00000003.1965427403.000010E780E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1967554789.00002D9763F03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.1389560418.0000025B1BD00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1391137305.0000025B1BF05000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 0000000E.00000003.1447921066.0000025B1F9A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.1722532635.0000025B1ECEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.1650987158.0000025B208D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://mozilla.org/0Cfirefox.exe, 0000000E.00000003.1784327201.00003B7B4A403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1791659501.00002C05D9B04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1780368011.000034EC35F03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.1569109867.0000025B1F532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.instagram.com/firefox.exe, 0000000E.00000003.1459596972.0000025B2B872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://api.accounts.firefox.com/v1firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.amazon.com/firefox.exe, 0000000E.00000003.1630624358.0000025B2B711000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://fpn.firefox.comfirefox.exe, 0000000E.00000003.1849317218.0000025B1C56E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.1675926139.0000025B2C87F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://ocsp.rootca1.amazontrust.com0:firefox.exe, 0000000E.00000003.1725842252.0000025B1E9B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600firefox.exe, 0000000F.00000002.2473222475.000001A28B2CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2484920038.000002B19C603000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://www.youtube.com/firefox.exe, 0000000E.00000003.1630624358.0000025B2B711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C303000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.1473390974.0000025B2D720000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.1693182716.0000025B1FBDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://plus.google.comchromecache_123.12.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.1569109867.0000025B1F532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.1639560034.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1951806727.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1668339069.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1653632393.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714431907.0000025B28108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1625905683.0000025B1FDC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7DC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C3C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://127.0.0.1:firefox.exe, 0000000E.00000003.1639560034.0000025B2179D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1562869075.0000025B21794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.1473390974.0000025B2D720000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.1525979291.0000025B20A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://bugzilla.mofirefox.exe, 0000000E.00000003.1532886101.0000025B2D692000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1811542606.0000025B1E6A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.1557623898.0000025B2B96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1656887097.0000025B1EDB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.1696242855.0000025B1FB43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.1675926139.0000025B2C87F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.1727715479.0000025B1E6C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1714431907.0000025B28108000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1639560034.0000025B2177D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2475349361.00000242C7D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.2472527959.000002B19C313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000018.00000002.2468611882.000002B19C0A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                                                                                                                                                                                                                                                                          unknownunknownfalse
                                                                                                                                                                                                                                                                          35.190.72.216
                                                                                                                                                                                                                                                                          prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          34.160.144.191
                                                                                                                                                                                                                                                                          prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          2686ATGS-MMD-ASUSfalse
IP
192.168.2.16
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578577
Start date and time: 2024-12-19 23:14:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ghostspider.7z
Detection: MAL
Classification: mal56.expl.evad.win7Z@55/67@72/16
EGA Information:
  • Successful, ratio: 40%
HCA Information:
  • Successful, ratio: 95%
  • Number of executed functions: 11
  • Number of non-executed functions: 74
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WerFault.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Execution Graph export aborted for target firefox.exe, PID 4184 because there are no executed function
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: ghostspider.7z

Time      Type             Description
17:14:34  API Interceptor  1x Sleep call for process: OpenWith.exe modified
17:15:04  API Interceptor  1x Sleep call for process: firefox.exe modified
17:15:31  API Interceptor  2x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                                                                                                                                6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                          • 48.140.29.231
                                                                                                                                                                                                                                                                                                                                                          mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.81.194.138
                                                                                                                                                                                                                                                                                                                                                          arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 48.203.96.39
                                                                                                                                                                                                                                                                                                                                                          spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 57.192.85.32
                                                                                                                                                                                                                                                                                                                                                          x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.144.175.203
                                                                                                                                                                                                                                                                                                                                                          star.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.167.48.82
                                                                                                                                                                                                                                                                                                                                                          sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.149.99.188
                                                                                                                                                                                                                                                                                                                                                          arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.42.112.108
                                                                                                                                                                                                                                                                                                                                                          FASTLYUShttps://www.canva.com/design/DAGZxEJMIA0/pFi0b1a1Y78oAGDuII8Hjg/view?utm_content=DAGZxEJMIA0&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=hdcdec8ed4aGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                          https://supercrete.lk/m/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.130.137
                                                                                                                                                                                                                                                                                                                                                          ep_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                                                                                                                                                                          bad.txtGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                                                                                                                          ep_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                                                                                                                                                                          (Lhambright)VWAV.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                                          EFT Remittance_(Dmorris)CQDM.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                                          Timesheet ACH-Tbconsulting.November 16, 2024.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                                          https://whtt.termlicari.ru/HnkNbg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                                          ATGS-MMD-ASUSmipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                          • 56.40.235.210
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                          • 48.140.29.231
                                                                                                                                                                                                                                                                                                                                                          mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.81.194.138
                                                                                                                                                                                                                                                                                                                                                          arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 48.203.96.39
                                                                                                                                                                                                                                                                                                                                                          spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 57.192.85.32
                                                                                                                                                                                                                                                                                                                                                          x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.144.175.203
                                                                                                                                                                                                                                                                                                                                                          star.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.167.48.82
                                                                                                                                                                                                                                                                                                                                                          sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.149.99.188
                                                                                                                                                                                                                                                                                                                                                          arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                                          • 32.42.112.108
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          tightvnc-2.8.59-gpl-setup-64bit.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | do.ps1 | Get hash | malicious | Unknown | Browse | |
| | https://walli.shanga.co/image/view/?id=1375 | Get hash | malicious | Unknown | Browse | |
| | tightvnc-2.8.59-gpl-setup-64bit.msi | Get hash | malicious | Unknown | Browse | |
| | kjDPynh9vQ.exe | Get hash | malicious | Credential Flusher | Browse | |
| | kjDPynh9vQ.exe | Get hash | malicious | Credential Flusher | Browse | |
| | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | |
| | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | do.ps1 | Get hash | malicious | Unknown | Browse | |
| | https://walli.shanga.co/image/view/?id=1375 | Get hash | malicious | Unknown | Browse | |
| | tightvnc-2.8.59-gpl-setup-64bit.msi | Get hash | malicious | Unknown | Browse | |
| | kjDPynh9vQ.exe | Get hash | malicious | Credential Flusher | Browse | |
| | kjDPynh9vQ.exe | Get hash | malicious | Credential Flusher | Browse | |
| | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | |
| | fNlxQP0jBz.exe | Get hash | malicious | Credential Flusher | Browse | |
| | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse | |
| | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse | |
Process: C:\Windows\System32\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.7619242881237245
Encrypted: false
SSDEEP: 192:ftLiFy3C01IG3EjA2zuiF0Z24lO8d0bB:1LiA3J1j3EjRzuiF0Y4lO8d0b
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0BE7C8CC2BA1710EBDB432E490F05E36
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5154726C7AA06CC68EE0F1DA4302D468304B1574
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:63C04133687358D38ADAFFD807F77D202A6813A076B2AA9250D7EF35E28764CF
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:556BB473AEAA1C871F3B9E9687F0A0F1382EE1BFCEA5C803A286EB94DDBD1CC672B7775F70D7B15B4D75354CFD56515672DA6BAE518FCA3F185569E1BE6A05DD
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.2.0.1.4.4.1.8.6.3.9.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.2.0.1.4.4.4.1.9.4.1.0.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.4.a.4.9.3.9.9.-.5.1.d.e.-.4.4.d.9.-.9.0.9.1.-.5.2.7.b.a.f.b.6.c.f.4.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.5.2.1.e.1.4.-.d.c.7.c.-.4.8.4.1.-.8.2.4.e.-.e.3.c.0.8.8.b.a.1.a.3.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.4.0.-.0.0.0.1.-.0.0.1.6.-.1.7.5.6.-.e.2.8.b.6.3.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.!.r.u.n.d.l.l.3.2...e.x.e.
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.7677869796742731
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:7LFQbqFit2yKyIsjs4Rv2GjxfnQXIDcQ7c6DcE/cw3EQXaXz+HbHgSQgJjw2czXv:vKbsit2yIH0FHFIejYCzuiF0Z24lO8t
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0746FC76750327F3E318927463E24860
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:66B5F2274BEDEA7300A54DC880B697B9F60C3E15
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E280601884203D2C4F7987AEE7204C76C5A0A9073D2E8C11810ADD32F1232357
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:9FE97F5805016107732FD0E2406BA18CF752353AFF3046450A50658A82701F502488655DFD49CDD9AA2FF0A0D057725069673F5DFB10E520BD05B5D4E97B9385
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.2.0.1.2.6.8.1.8.9.1.1.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.2.0.1.2.7.1.1.3.9.1.2.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.e.4.a.9.f.3.c.-.4.6.0.a.-.4.3.e.a.-.b.6.6.3.-.5.5.3.a.2.1.2.c.2.8.6.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.5.9.6.4.1.2.5.-.d.8.f.5.-.4.7.1.0.-.a.6.3.9.-.1.7.0.b.d.6.3.8.1.8.b.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.w.i.n.t.r.u.s.t...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.e.4.-.0.0.0.1.-.0.0.1.6.-.7.8.1.6.-.7.d.8.1.6.3.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Dec 19 22:15:26 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):67506
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5407288673196304
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:5S8TriaNk2IKtYMa4HaYx5YJ9icaoi7MxlO3uLa5c62QvA3Y3ht6x+OaFQYpN5I4:zT2aGaxIOMvO3uLicb5Y3ntIUXKK
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3985C5991C8397E5DC5DAAFD8C3C7178
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4645B9E6E54EEBFF501A5CBCFBEADE308FD31B7E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7812F6C27B4BB283C01AD18942276A2FAEA2F7E69BEA9491E0022BDB1DE132B1
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:F9CCE9FA225C601D4629D1463364A1064B7EC6F830CFBDC788140CC1346CA9460E863834E962F22A0A9E0A2941E27D041179623411C14E2FAC0F23CB0AE8154A
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:MDMP..a..... .........dg....................................$...............T.......8...........T........... ...........................p...............................................................................eJ..............Lw......................T.............dg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):8520
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.694843061260509
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJkSuMgRi6Y8DkFgmfw+Xapr089b97Ff7z/m:R6lXJxPki6YY+gmfw+u9Zf7i
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:956C4BC23E6A2B1ED78AAB9CB6ACA32B
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:8ACD9DEC79BBF36E6EDC2634F699F9051AE36E98
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:16B570EA4E0FF22ACC8DA0A811EFBF3ABC4A3F355279CE721E046D740067A093
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:EE5A9A28DEB3D0FEEABDEB8EA35A9A9C66028D6CADFBB47F74C059531C259A3581D93F1A9EB853170EEF52DC5E92693CE5B0D79994720D9084CB526A502F2BD8
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.8.3.6.<./.P.i.
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4751
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.478757247104127
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsoJg771I9OBWda80aEYm8M4JC3C/GFvwPyq85mvhptSTSFd:uIjfuI7tQdlpJDHpoOFd
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:28918CE118AB6D29F9BEAB1197CB534C
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:AD2A278E81961690FCA440D7DCDB4A7D94EB3C64
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:EB1992CE55144DFE903DA93CCE82ED909D4545016F2BAF71B1E91073AA1158D3
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6D52BDCB8675BFDE6A77EE2A5AA01CD0968953CD32A5697DA01BD9E7E9A8CE81A540B8A9E42121E01754E998590058F2BC300E2FAEC9F666A3437DF109866709
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="638718" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Dec 19 22:15:44 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):70016
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.4689569978906365
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:WFPwANwSOMR1OwPcI7GZz3aX2i8CfHmR7/rwUu:rwwtq1OwPcI7GZzaGi8CfGRTrw
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:714304418CDF5259BCFDB5F7D3CFBF7E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:865E5A976483DB4739157B80B4095EAB17E0D877
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2722D1C43A84544421B5A59789616CEBF5DAA1571AA6915266CA094B66B44C7B
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:077430414C8C26E09A7D5393321819622C34C3C01ED8BD2A196143779EE30359226EFDEF21A5B193EA73AEA38013F6386C8DE199811D3A6112256CDA15B9D94B
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):8478
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6904412109713642
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ+VuuPIe6Y8KEgmfT7Gqsprw89bJeFfMGjm:R6lXJcuup6YxEgmfTqHJkfMD
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:796B918D32510108687A7A3AA3FC91DB
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:718F85CF4FB44DED4BFB71C5AF86BF257CFF4B7E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:A5BCF1AF77BEE0DED84D3428747D0A12EDA64C63D77D772ACE6A610D4892D770
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:0C845C1AF3D1FD400EE5D31FE95490E6E1102709FD0E50CD025D1CD08FA813AE79ACCA98A7F5BA2792B251FE19202FE7BC314DB841010C1448773FBFD291E58D
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.8.8.<./.P.i.
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4696
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.44684552209098
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsoJg771I9OBWda80aUYm8M4JCdKMhPFv3yq85mZhymptSTS6d:uIjfuI7tQdlpJCZhxpoO6d
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0A6D65C173AD2EEAF49071DA860A5E68
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:DBE2CD3DE146D61B3A8809355413240C474636D3
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2EB79B9708EC565A9CF3198544AB63A6CB8BF3417D83C07023D210A6C63170FA
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:06AF3875BA1B1991AEB3E818E0521211EF0D88E70B84FE55CD1BCFFFE097AA9F59E6E5A271F9B6CF445950313E476154ABC078107B3FAAA57FB35AE005747120
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="638718" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.184906162172793
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:oLMXgCdcbhbVbTbfbRbObtbyEl7ngrkJA6UnSrDtTEd/S9DI:owNcNhnzFSJAr3LnSrDhEd/CI
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:64A829AFA308E1AE99A166AA4470F8BF
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:717B976E62866C61AC5240B118F8EE0785E04636
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F8A59C8C1B3D846C139AA4EE8963B2D90CD47C298F77F7C94B78A5B770FE761C
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:CA2B076CC8E004A032023956D07FC5F7E6BCE0243A8A14915F5A04CE2AA6CE3C4BC651F55B2D0B3A2FA2278A400482716D35C275FE44B01B45E68AA300802711
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"type":"uninstall","id":"b57bac58-4843-4442-8ffb-74d6bd54d47e","creationDate":"2024-12-20T00:08:09.304Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 21:14:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2673
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9901388421190602
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8LOdMTwMpHoidAKZdA1FehwiZUklqehqy+3:8hncpy
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7B570A4DFEE152BF7A55E5F1025AD408
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:8C59609DE12F5A66388D0EFC419BEECCD42033CD
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:CE0CAF079BFD75F9667F615B9644517DE099EEC5AE5D05048F08E0936F6A8FBF
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:F8FA0340C8980A8023DC3AC40B192E3B0F2E2A4B93FDF40706FC5A72986DA1B85067E69F767222AEA7274B04E4962BACFF6825B1FB9C1CDBA013B5173CAAF6C0
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 21:14:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2675
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.00527724118307
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8aOdMTwMpHoidAKZdA1seh/iZUkAQkqehZy+2:8+nS9QQy
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:9387BF2944131381500322816B0002F2
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:6E99C4DC5AFFC29DC4C7AEB12971506184DD9E29
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FFD7A273FC77243D0EA75176C2ED95E7BACE87531EF8DE2E7EA92058036C8566
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:84C03C56F5AB5E2FD548DD7038E73854378E668875631F2DD09650047D220FAD207EB6BF827867A0FB5F81865FC36C4C24D5612E72356846709157D3793BB6F2
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2689
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.015615443249454
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8vOdMTwMAHoidAKZdA14meh7sFiZUkmgqeh7sny+BX:8NnRn1y
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A38E8C2773922295DCB5A1EA20C34128
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:E12C2A7C0049A8E54705E63B297769B1EF3290F3
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:14DB57D1A372E0928391100E698F89CBFA0528AA0F1D16C729B27B2C175DCC8E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:965C307AA000D859FD63C2A4D63B011126E33A99F15EAD408B95B010EC0C5BBADCE4C1FF1FE672B983B59671454CA677F862F0F8792CFCF8E7D053FD87795F9A
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 21:14:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):4.003628964366359
Encrypted:false
SSDEEP:48:8YUOdMTwMpHoidAKZdA1TehDiZUkwqehNy+R:8lnJ/y
MD5:0628CC121669E52E965C6B5922C22D4F
SHA1:09E3333807A58E549254E79549729B6D63419842
SHA-256:F7F901B059C95CE9CDADA5904E7167AA6412F36D5953D3DF82E72743A36B09AA
SHA-512:E6F4D84A1EC252A047419FFB1556766390C5ABD8F544255A701FFD7AC661724E0F374DDC90A3C7F0204CA195B49E712EF4A6E207442B711F0A1A02089268FFF5
Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 21:14:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.989851641818534
Encrypted:false
SSDEEP:48:8VOdMTwMpHoidAKZdA1dehBiZUk1W1qehDy+C:8DnZ9jy
MD5:F91583F9ADF85A06E3BC0764D0FD9DED
SHA1:6657BAD4AA04A73830C2A649450D32DAC1CA3EAF
SHA-256:7882F09EB04167FB4A861F1B12E47652BE5B88444767A25756F5122C231B815E
SHA-512:267D9C9DDD2A15F2613DBA82230BB630DD632895508D88DD392F0B0D76282A224904530A7596E355DA1CCF9C3C98F758EC3D2B75F68E6B56DE17907324B70F52
Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 19 21:14:53 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):4.000439499306794
Encrypted:false
SSDEEP:48:8WOdMTwMpHoidAKZdA1duTeehOuTbbiZUk5OjqehOuTb1y+yT+:8ynhTfTbxWOvTb1y7T
MD5:93C12B08375DD98590D7B8FAD9481418
SHA1:64D9F09D9CAC4DFC4BAC21AA0A59AFA9293C1F64
SHA-256:739F4655CE4B85214D41C90C845F40B25F09DCA8403A3470008DCB2D1302D10D
SHA-512:176FC159730D7A485BAFD2B8F035F9E635A714CB77F253DBDF0EC83870E859658E09C3BE92A35F04365F77AD2D9C143AF781795541D5D58BF1065126707A89AF
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.930150431521765
Encrypted:false
SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNH+9bxeh:8S+OIfPUFuOdwNIOd8jvYR0uLw+V8P
MD5:BA0C05AA40DBCBD0A59540B2CC95B573
SHA1:6EF58FD1955D0F86587673330F9C691B2124C125
SHA-256:D4467245157EA5691267D17476B514243481663E10A72AA939942DB994E7BD67
SHA-512:E8664692BCF05A47899D415773BB9A0E5FFD9628FBC47FFF819716384B41CDCEF785DB671505C33C62646FD1EB6B13B067BA1753AB7B667692C6C39A8AD23151
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 27954 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):6075
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.623258976790648
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:J2YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlJwgJVLd+MYE0pG+ml1j2+:JTx2x2t0FDJ4NF6ILPd+Md0k+uj
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0EE1DEA50353EF72B3983D45C0F79672
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:83A858B3793BD9B1C35A954FA71582F557DDAB01
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:76D8DD378010DD3158633286B32FCEE00A63EA8E85EAF2E60A8B8B1F6FD32C87
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D08B7A1C9EBF2C277662EA7314B371EE114153AE8CA840100D9EA053210BD20188CE591CA247C7E541590C6AAD925AD10F84F1AA025ACB2F01BC37B1DBC57EBD
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:mozLz40.2m....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: do.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: do.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  • Filename: P0HV8mjHS1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.035577876577226504
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:GtlstFnthDcPCB9SPlstFnthDcPCB9tx89//alEl:GtWtvqQQPWtvqQ589XuM
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7ACAE3088094DBF6E781E8C3A3119A26
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A0DC062B9EDB7FA81EC3C7CB9DB73F01323E53A4
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2CEA6C5D571E5F475BBDC5053D4BF33764DAB7F45AC52975531410AEB7EC9FC0
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:DE3B09EAC88FB2A97A8BA44986232479F249C1E014C5A8E7A1E79B255F0234FAC6C939832BB01D9D3978B7150D889874AD3D53C269F96180BEFFE9A856C3502C
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04010304634033313
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Ol1TlXiMTmz2aG3qM2Orl8rEXsxdwhml8XW3R2:KFlXiMTCsqkl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A79914B2772B6AC201419AE6BB8A3058
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:17956F0C648D9D0AD408636376790092762CEDCA
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B82724E170B42E80B6A7B2C35C58B09899B9838B06B51608120B548A283E3366
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6D42A02200F57F30BADAF673637F7D3E4B3E09FD0FA4385F424522BD7D962D8FC13D4C2EB70C3BA184B8A779CA94440360FADEC8D514BB6E1B74724E036CB422
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.487297673580045
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:gnGRvo1YYbBp6eDLZwxhaXB6+e+NwWI5RuFNBw8dgSl:XebFwx95qwvEw70
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:73440A1E9FF42CC90F8D10FC25A977B9
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:214289C4045A441D5198A50743CB98D55E51C7ED
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:005474417E3BB852F77102746D7671B102515A663D4649F51075DA09C4E1A0D4
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:AE0FDECDECACA5518027A4501716B26B727D062DEAE53073CE3511FF6979199FB4F73AAF4EC5D73C38B0607FC836F9BCE69C4747C34FC202574051BC5D2232F8
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734653256);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734653256);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734653256);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173465
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.96528833485375
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:YZFgVSccDrLs1IVHlW8cOlZGV1AQIYzvZcyBuLZ3CbNcu:YXE1SlCOlZGV1AQIWZcy6Z3Cb
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3555ACFA454C0E229AE676087CF2C673
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:368805CC54068870D4CB83B32BC5F8CB54B46624
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C9B123EB4B6F4CB19EAF57C2DCEF0593ACD157C6B0C8BBB3B5F4A35571075F6E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:8BE1C9CE10F7D9D8BA293DAAE172B53D842FC960382675EF31ACA044B9055A82AC9736C5925285A0420B7175FEA75636F93ECC15DB877B7634BD212FD171B285
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"type":"health","id":"097a265d-9402-4c2d-b697-2f2d82d349b0","creationDate":"2024-12-20T00:08:09.324Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.96528833485375
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:YZFgVSccDrLs1IVHlW8cOlZGV1AQIYzvZcyBuLZ3CbNcu:YXE1SlCOlZGV1AQIWZcy6Z3Cb
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3555ACFA454C0E229AE676087CF2C673
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:368805CC54068870D4CB83B32BC5F8CB54B46624
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C9B123EB4B6F4CB19EAF57C2DCEF0593ACD157C6B0C8BBB3B5F4A35571075F6E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:8BE1C9CE10F7D9D8BA293DAAE172B53D842FC960382675EF31ACA044B9055A82AC9736C5925285A0420B7175FEA75636F93ECC15DB877B7634BD212FD171B285
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"type":"health","id":"097a265d-9402-4c2d-b697-2f2d82d349b0","creationDate":"2024-12-20T00:08:09.324Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 5824 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1500
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.242522711423784
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:veSUGli7WpazUhEGLXVMTj62PHYB+mkDT5sEIFGULt6QMFHuxH0YEahRq/vejkDf:WpbWpHEGK3qB+mqZ+aIAR2QDzDth
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:DC46A9C83DC7C48EEB456EEF0A30C264
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:292668326A5D72E764133D618CE5B945FD7A4535
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:38C006BA8C216BE96BDAD8E1038F5C49BDCC97109FF99180FDCF0F6A5A69E8A1
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:457B5DACE5DEBDE636132F6CBD67E1885633719F448F1F89689E5923F9933FE5EF50D62FB480AA0A76C5CC1179499548E99B9294D8BB5D0E5D445F52EEE20601
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{0e3614a5-e6c3-41a0-815a-e3ecefc829c8}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{efcb9929-44db-4092-8f56-de466634fdce}\"}}","hasUserInteractA...false,"triggeringP\....Q3\":{E..6docIdentifier":8,"persist":true}],"lastAccessed":1734653266816,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zB..1...WH..j........E..:..{.1":{..jUpdate...7,"startTim..A2195...centCrash...0},"global..Dcook.. hoa..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"http
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.031875072696704
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:YrSAYRpUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycRdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:457484DEA9FB8F923FB8AA7A25720B8E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0A03AB5CCF0044C22C4AB2AE9E1A3D3203635825
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7CCFA969814E2F7AEBE7A300655CCF2450F4B9A058E9339E84FAF871A61F5936
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:02368D418F2B3503630D795DF662A5D731A42DEDC6304BDD3E3F0ABA068CE292C3BDE20F1A9B5A480CFEA90F66F2F45D73AF0A9705C866E3BC2AD0414EF4202E
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T00:07:21.687Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
Size (bytes):137728
Entropy (8bit):6.804947763009828
Encrypted:false
SSDEEP:3072:xCcl0Urg41+nAEXq/LPCMkymQMr6Kjc0MzC8r:AU0U041+AhCM/mQMWKdMzC8r
MD5:E2181F298013BBA4CBB3282780F6D46B
SHA1:DA9CD841E551248BCADB9FFAE4C1CB9A08BCBBFB
SHA-256:4820BF7C2BA11D364DBC5A441BC138B9745D787FD6332BB6DE40C693D0DA3505
SHA-512:60BF49DA5FFFAEA27F4D344F09AD4A066F18F116536664756F8EE28DA3D92A804282AE038AB2A0EADF39B1A61F4488C59BF0C83EA838E6C85B46C23708604CC5
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.*.T.y.T.y.T.yO..y.T.y.".y.T.y.",y.T.y."-y.T.y.,.y.T.y.T.y.T.y.")y.T.y.".y.T.y.".y.T.yRich.T.y........PE..L......a...........!.........H......I........0............................................@......................... t.......k..d............................p..|....................................e..@............0...............................text...0........................... ..`.rdata...^...0...`..................@..@.data............f...z..............@....detourd.....@......................@....detourc.....P......................@..@.reloc..>$...p...&..................@..B........................................................................................................................................................................................................................................................................................

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):172544
Entropy (8bit):6.1587362057135975
Encrypted:false
SSDEEP:3072:Wkocnhd6C0tLhfoH5lTqEeS408bMREKMreqttCPHh3e61Sur4/:C4hdstFfmTTev08bMRElreP
MD5:34E3337184B6ACAFB646A9CDD90566AF
SHA1:8D10C7F69F1BC2DE4147382826960569CD8C7F10
SHA-256:238DE794AA3C6A41339AA9CBA25FC8E37EC7B8A973D3D74217FF6D175918041B
SHA-512:024DD9CB22F26AA100C73999E9FA9ACDDDB7780FD9154E2B16A08B79815F0919245FC0A0E5F80B65CF066CFDA3EF5149FE124C1E9A8BA3162B25CC7FC20C9F6D
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../..................................................Rich...........................PE..d......a.........." ......................................................................@..........................................x..w....m..P...............p.......................................................................0............................text..."........................... ..`.rdata...x.......z..................@..@.data...x=...........f..............@....pdata..p...........................@..@.reloc..N...........................@..B........................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):218624
Entropy (8bit):6.139133495192008
Encrypted:false
SSDEEP:3072:TkJvBcftRxEn6bXH5B42aSTRz2aWDkVrWkfJI3QT6qw7rpsYGdy4E9Ec:mURxvXZBDT52aQk4ifISc
MD5:4014A5186A61F36DB01000F48629F5A6
SHA1:EA812319C9191749642B81A714316842322EFDE0
SHA-256:3F9806F7FF5E502081204D98B528E9307EB57AA98EE6F74882C7A9245A90F4E5
SHA-512:A1CC1629F300F003A2F837EFB406279F0737304FB33312FDC3D24D0F71F605608F442CA35B59E4B360A223E8888FFBF22D6D1D878564C50FF247FAAF5DA8C8D0
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........G.n...n...n....r..n...n...n....J..n....K..n....N..n.......n....z..n....|..n..Rich.n..........PE..d...x..f.........." .....>...>......h.....................................................@.....................................................P............P..<$...................................................................P...............................text....<.......>.................. ..`.rdata.......P.......B..............@..@.data....B..........................@....pdata..<$...P...&..................@..@.detourd.............(..............@....detourc.!......."...*..............@..@.reloc...............L..............@..B........................................................................................................................................................................................................................................

Process:C:\Windows\System32\rundll32.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):74054
Entropy (8bit):5.3904735964032335
Encrypted:false
SSDEEP:1536:1zP1BXfXSRi5133sZH0iVtwg70UPtNSKrN9v1XbRz/JKXTDNnmsGy3NELKzs2wrZ:1s
MD5:17147AF6209B5330A3600762D7CF437C
SHA1:34EACD7A86B320AA31C6AD88643200673B3837B1
SHA-256:DC6051D7C9F01AE25DCD63CFFB19D292A0205A979707DCE2392E6541DE4A9EE5
SHA-512:64A8C36169BA4580F074AAE0B9D63EFC41AA7A8D373CFFE67397017EE8A00226EDA8458C39E18BB3D9E139CC9EBAC964C1E059BF73BE7F9C9C9EFC14E29CD55F
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta

Process:C:\Windows\System32\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.310344813447116
Encrypted:false
SSDEEP:6144:Xmw8CE/ZeaJFSSPbY6B0CvpuIUOa4+e9gFbJUjWKdHjj5+aJ1vREf4FBA:Xz86Wvp63qtdHH5eAv
MD5:776E15C1F6F725F40847CE09D4E2E1E0
SHA1:E321AD0AEC3492FFC424B718E6973992BC7E2D36
SHA-256:B3E1ACB3C9736ED008AF16740A7968877C1F364302AE36D93A2DEBB07173DA6D
SHA-512:40906A5C782E8825D7FB6CAE4F18C3FF51E84DBD0D9E879E50DECB7E1969C965E4A4C2DD40BB25389EDE2AFE3E267D784D0D0FF01CCBA7ED01080485E98FE708
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:regfG...G....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm>...cR...............................................................................................................................................................................................................................................................................................................................................F..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (799)
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):804
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.154189875274393
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:tNNNcBBHslgT9lCuABATRCuFA7F7HHHHHHHYqmffffffo:tteKlgZ01BAtCuFYFEqmffffffo
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5DE73CD70A9B943A1E7BC1311F64CD5D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:D3B0F3DBB049521591B50A27D6327B631814BECC
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:4E2B7F886A76FAAA065911BFC7F819307EB278B02E751C1BBA965A79FD1A91D9
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C85E3BE6722DB3B226ED275531173F1AFCADDD7719AE9AD892A1E013D3697C604CF8BE6A48176D00A52BC76EE117C960C575DCE504AD86D610A1FD98B66795F2
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:)]}'.["",["crush 40 sega lawsuit","russian aircraft near alaska","apple ios 18.3","nfl power rankings week 16","christopher renstrom horoscopes","nasa astronauts stuck in space","vanuatu earthquakes","att employees"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-5452458452832377041,"google:suggestrelevance":[1251,1250,601,600,553,552,551,550],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):117446
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):132739
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.436573465801264
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:frkJQ7O4N5dTm+syHEt4W3XdQ4Q6fuSr/nUW2i6o:fuQ7HTt/sHdQ4Q6fDfUW8o
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:4E2472555A8E7E29ECE48ED3FD3705C8
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2CA6383D6B2437E61740AF9E94B2D1370C785416
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:96FA3AB4F06C2348F38E0562B9C364E6C0DD1EB859A2158A372695BCE7DC845B
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D66E708F17ED5BC26F02DB618921329C85AE4B82A431A8BCAFD9EB68CFAEF3B0141FB549C89925E901F912E3C29F9B021D63C7E77C07B4FA7480DAF8117EB56C
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):175897
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):5162
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1660
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                  URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                                                                                                                  File type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998832333720654
                                                                                                                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                                                                                                                  • 7-Zip compressed archive (6006/1) 100.00%
                                                                                                                                                                                                                                                                                                                                                                                                  File name:ghostspider.7z
                                                                                                                                                                                                                                                                                                                                                                                                  File size:159'064 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  MD5:d47be3f859cd49567581bf2e483befa8
                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:175916ca5555b66cc5cc3f448ca6f86c91556787
                                                                                                                                                                                                                                                                                                                                                                                                  SHA256:61da51c3d4dd5531b94af2d6b7b44387e16cc05a7a869e1f811f78ad9370c51b
                                                                                                                                                                                                                                                                                                                                                                                                  SHA512:9f975ef1d8899d6ca94eb11ea715a2f9cc3318d6d5686a845e4dfec4e7cfe83316de2aaad7f100555978c24b4dd16dde5d6ed764b7a883f542fe39dbeb9358e3
                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:NT4I0DYxa8J5DUxdGeeU0hKvLPZC+/tDISziilkIQsg3VLp+sl/Y:NTuR87DUieR0hKj4WtDISziYkeQvS
                                                                                                                                                                                                                                                                                                                                                                                                  TLSH:CBF323057CE4369F2C348620DDDD4694232A2BCA0E482DD379ED997D56C43AF1AF8B03
                                                                                                                                                                                                                                                                                                                                                                                                  Icon Hash:72e2a2a292a2a2b2
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.599631071 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.599659920 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.663296938 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.663360119 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.663465023 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.663688898 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.663703918 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.678710938 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.678805113 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.678944111 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.679140091 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:52.679179907 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:53.981003046 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.033011913 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.033289909 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.033355951 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.034802914 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.034878969 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.035875082 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.035969019 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.036065102 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.036082029 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.089026928 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.295248985 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.295561075 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.295574903 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.297003031 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.297080040 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.297537088 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.297621012 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.297673941 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.313025951 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.339339972 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.344986916 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.344995975 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.356941938 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.357342005 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.357371092 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.358787060 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.358863115 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.359253883 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.359340906 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.359437943 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.359445095 CET44349713142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.375777960 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.376013994 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.376024961 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.377432108 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.377499104 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.378098011 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.378174067 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.392126083 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.407991886 CET49713443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.418572903 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.418582916 CET44349714142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.472003937 CET49714443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.883789062 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.884166956 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.884258986 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.885453939 CET49709443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:54.885502100 CET44349709142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.584686995 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.584758997 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.584767103 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.593069077 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.593153000 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.593172073 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.602550030 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.602606058 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.602624893 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.612065077 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.612138033 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.612148046 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.621382952 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.621462107 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.621474028 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.631043911 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.633034945 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.633058071 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.640135050 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.642582893 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.642591000 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.652925968 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.653028965 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.653036118 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.658642054 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.658699989 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.658708096 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.667913914 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.667993069 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.668015003 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.676817894 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.676868916 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.676889896 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.685846090 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.686873913 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.686893940 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.694552898 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.694610119 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.694629908 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.707309008 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.707375050 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.707382917 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.710067987 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.710119009 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.710125923 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.715821981 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.715903997 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.715910912 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.725146055 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.725212097 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.725219965 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.727024078 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.727106094 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.727113008 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.731865883 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.731960058 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.731970072 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.738286972 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.739526987 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.739625931 CET49712443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:14:55.739633083 CET44349712142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.699862957 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.699914932 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.700481892 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.712795019 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.712856054 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.712863922 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.720782995 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.720844984 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.720853090 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.771996975 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.820178032 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.824306011 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.824399948 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.833214998 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.833235979 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.833441973 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.892440081 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.896955013 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.897032976 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.897049904 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.908467054 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.909662962 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.909672976 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.921785116 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.921875000 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.921883106 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.935647964 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.935729980 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.935739994 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.949429035 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.949479103 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.949485064 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.951627970 CET4973780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.963160992 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.963221073 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.963372946 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.963382959 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.963428020 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.975976944 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.988883972 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.989015102 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.989547014 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.989582062 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:01.989622116 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.001521111 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.014374971 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.014431953 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.014447927 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.027311087 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.027374983 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.027385950 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.041506052 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.041563034 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.041577101 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.071166039 CET804973734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.071265936 CET4973780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.071444035 CET4973780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.084247112 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.084307909 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.084332943 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.086651087 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.291830063 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.296746016 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.296825886 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.296847105 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.297086000 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.297121048 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.297281027 CET44349730172.217.17.78192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.297288895 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.297564030 CET49730443192.168.2.16172.217.17.78
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.504375935 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.504424095 CET4434973834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.505312920 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.506706953 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.506721020 CET4434973834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.529551983 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.529602051 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.529684067 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.531064034 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.531080008 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.625380993 CET49740443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.625433922 CET4434974035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.625515938 CET49740443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.625637054 CET49740443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.625647068 CET4434974035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.764607906 CET49741443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.764658928 CET4434974134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.764899015 CET49741443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.765090942 CET49741443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.765101910 CET4434974134.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.947887897 CET44349732142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.948044062 CET44349732142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.948215008 CET49732443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.949038029 CET49732443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.949058056 CET44349732142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.159023046 CET804973734.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.211038113 CET4973780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.737066031 CET4434973834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.741296053 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.745981932 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.745992899 CET4434973834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.746061087 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.746264935 CET4434973834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.748080015 CET49738443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.755131960 CET4973780192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.763829947 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.764393091 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.774189949 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.774209023 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.774279118 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.774544001 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.775402069 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.800560951 CET49743443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.800590992 CET4434974334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.801088095 CET49743443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.803142071 CET49743443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.803153992 CET4434974334.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.807337999 CET4974480192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.850594997 CET49745443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.850678921 CET4434974534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.850971937 CET49745443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.852324009 CET49745443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.207861900 CET4434974734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.209280014 CET49747443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.392714977 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.392759085 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.392999887 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.393131018 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.393153906 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.678361893 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.678421974 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.680696964 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.680830002 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.680838108 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.695781946 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.696947098 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.705001116 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.747010946 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.824589014 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.942960978 CET49754443192.168.2.16150.171.84.254
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.943000078 CET44349754150.171.84.254192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.943175077 CET49754443192.168.2.16150.171.84.254
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.945348978 CET49754443192.168.2.16150.171.84.254
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.945363998 CET44349754150.171.84.254192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.018783092 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.066606998 CET49755443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.066649914 CET4434975535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.066736937 CET49755443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.066931009 CET49755443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.066940069 CET4434975535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.070173025 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.070225954 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.070698023 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.072048903 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.072144032 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.072156906 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.246582985 CET4434975134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.246685028 CET49751443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.252194881 CET49751443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.252221107 CET4434975134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.252288103 CET49751443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.252403975 CET4434975134.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.253029108 CET49751443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.904896975 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.904989004 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.908709049 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.908720016 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.908961058 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.911422014 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.911499977 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.911556959 CET4434975334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.911772013 CET49753443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.087987900 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.088278055 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.088294029 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.088840008 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.089150906 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.089250088 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.089302063 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.089342117 CET49752443192.168.2.16142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.089354038 CET44349752142.250.181.110192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.284109116 CET4434975535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:07.288079977 CET49755443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:15.830693007 CET49760443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:15.830894947 CET4434976034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:15.833101988 CET49760443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:15.946752071 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.145840883 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.192173958 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.396476030 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.403192997 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.403296947 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.404736996 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.406084061 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.406121969 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.516350985 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.535480022 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.535578966 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.535804987 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.535959959 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.535989046 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.714657068 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:16.768049002 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.044253111 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.044333935 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.045267105 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.045329094 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.047192097 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.047254086 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.351779938 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.351826906 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.352158070 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.354338884 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.354365110 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.354799032 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.356518030 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.356532097 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.356844902 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.383865118 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.383984089 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.384150028 CET4434976234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.384813070 CET49762443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385189056 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385262012 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385415077 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385464907 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385489941 CET4434976334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385565996 CET49763443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.385649920 CET4434976134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.386590958 CET49761443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.654236078 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.654311895 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.751116037 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:17.751204014 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.534353971 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.534389019 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.534729004 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.534729004 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568355083 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568417072 CET4434976434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568449020 CET49764443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568533897 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568584919 CET49765443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.568758965 CET4434976534.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:26.337449074 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:26.342816114 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:26.380116940 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:26.395128012 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.305537939 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.307226896 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.307303905 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.307938099 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.309314966 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.309350967 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.425232887 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507083893 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507136106 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507617950 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507747889 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507759094 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.584980965 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.585073948 CET4434977634.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.585169077 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.586426020 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.586474895 CET4434977634.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.645869970 CET49777443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.645960093 CET44349777151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.646080017 CET49777443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.646229029 CET49777443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.646260023 CET44349777151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.662722111 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.715085030 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.061325073 CET49778443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.061373949 CET4434977834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.061455011 CET49778443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.061582088 CET49778443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.061594963 CET4434977834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.533430099 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.533524990 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.538707972 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.538754940 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.538808107 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.538925886 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.538981915 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.719187021 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.719917059 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.722604036 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.722623110 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.722873926 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.725580931 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.725709915 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.725742102 CET4434977535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.726293087 CET49775443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.804263115 CET4434977634.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.805552006 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.811671972 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.811686993 CET4434977634.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.811774015 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.812009096 CET4434977634.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.812248945 CET49776443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.872618914 CET44349777151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.874196053 CET49777443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.876990080 CET49777443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.877001047 CET44349777151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:32.877310038 CET44349777151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635629892 CET4434978335.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635660887 CET49782443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635734081 CET49782443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635742903 CET49783443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635798931 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635854006 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635907888 CET4434978135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.635962009 CET49781443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.638645887 CET4434978435.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.638777018 CET49784443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.638808966 CET4434978235.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.638873100 CET49782443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643270969 CET49784443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643280983 CET4434978435.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643376112 CET4434978435.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643392086 CET49784443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643398046 CET4434978435.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643852949 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.643892050 CET4434978535.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.645258904 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.646543980 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.646565914 CET4434978535.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.855334044 CET4434978435.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:36.855386972 CET49784443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:37.947252989 CET4434978535.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:37.947370052 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:38.278470039 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:38.278506994 CET4434978535.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:38.278539896 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:38.278817892 CET4434978535.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:38.278878927 CET49785443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.701525927 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.708306074 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.821182966 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.827809095 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.997778893 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.997879028 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.997970104 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.998126984 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:39.998159885 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.015861988 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.023030996 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.059115887 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.074089050 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.484961033 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.604547024 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.799127102 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.843403101 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.211200953 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.211308002 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.484255075 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.484288931 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.484627008 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487097979 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487224102 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487288952 CET4434978634.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487348080 CET49786443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487679958 CET49788443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487780094 CET4434978834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.487879038 CET49788443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:41.488010883 CET49788443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.681308031 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.681365013 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.681458950 CET4434979734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.681562901 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.681617022 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.685322046 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.685332060 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.685657978 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.686690092 CET4434979434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.686748981 CET49794443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.688297033 CET49798443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.688307047 CET4434979834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.688678026 CET4434979834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.691293955 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.691298962 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.691616058 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.694856882 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.694864035 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.695189953 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.697165966 CET49794443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.697182894 CET4434979434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.698193073 CET4434979434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.704123974 CET49797443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.704266071 CET4434979734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.704319000 CET49797443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.704977989 CET49797443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.704993963 CET4434979734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705101967 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705275059 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705409050 CET49798443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705499887 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705564976 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705652952 CET4434979834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705682993 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705697060 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705703020 CET4434979634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705739021 CET49798443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705759048 CET49796443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705759048 CET49798443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705775023 CET4434979834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705806017 CET49793443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.705820084 CET4434979334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.706271887 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.706357956 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.706437111 CET4434979534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.706480026 CET49795443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:01.741148949 CET49794443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.948637962 CET49799443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.948684931 CET4434979934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.948771000 CET49799443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949126005 CET49800443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949152946 CET4434980034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949210882 CET49800443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949486017 CET49799443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949502945 CET4434979934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949722052 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949779034 CET4434980134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949784040 CET49800443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949798107 CET4434980034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.949839115 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:02.950681925 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.707254887 CET49808443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.707386017 CET49808443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.707407951 CET4434980834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.709611893 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.725522995 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.725649118 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.726067066 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.726156950 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.726413012 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.726478100 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.727860928 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.727945089 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.728147030 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.728219032 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.728835106 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.728861094 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.729151011 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.731297970 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.731311083 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.731735945 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.733489990 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.733500004 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.733773947 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.735729933 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.735755920 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.736150980 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.738049984 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.738073111 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.738682985 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.745747089 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746018887 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746088982 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746298075 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746341944 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746392965 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746423960 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746480942 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746506929 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746648073 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746653080 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746654987 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746690035 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746702909 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746702909 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746716022 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746726036 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746726036 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746740103 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746752977 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746762991 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746772051 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746819019 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.746824980 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.747805119 CET49810443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.747848034 CET4434981034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.747906923 CET49809443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.747939110 CET4434980934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.747997046 CET49810443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.748100996 CET49809443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.748126030 CET49810443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:05.748142958 CET4434981034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:40.045382977 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:40.123445034 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:40.317697048 CET804974834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:40.360346079 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:50.013246059 CET4974980192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:50.133146048 CET804974934.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:50.330251932 CET4974880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:50.449842930 CET804974834.107.221.82192.168.2.16
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.256145954 CET53535191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.272036076 CET6305353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.348926067 CET53528811.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.363502979 CET5150153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.408577919 CET53522361.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.412288904 CET53630531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.416760921 CET4974453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.417038918 CET4986153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.513607979 CET53515011.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.519524097 CET6414953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.554393053 CET53498611.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.554405928 CET53497441.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.555093050 CET4985353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.616035938 CET6371353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.616086006 CET6548853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.657509089 CET53641491.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.664169073 CET6441953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.694257021 CET53498531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.706604958 CET5607953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.754287958 CET6025253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.757263899 CET53637131.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.760694027 CET53654881.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.849385023 CET53560791.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.851053953 CET5849953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.987776995 CET53584991.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.988457918 CET6436353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:04.126789093 CET53643631.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:04.323012114 CET53592701.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.691361904 CET5548853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.828763008 CET53554881.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.840982914 CET6160153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.978405952 CET53616011.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.991014004 CET6241153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.070616961 CET5871153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.130774021 CET53624111.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.220082045 CET53587111.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.221048117 CET5605053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.358042002 CET53560501.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:11.326617002 CET5087053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:11.463674068 CET53508701.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:11.978302002 CET53534721.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:13.500902891 CET6158453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:13.640379906 CET53615841.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.531919003 CET5935853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.131350040 CET5808053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.268395901 CET53580801.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.302572012 CET5682953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.439935923 CET53568291.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:23.622628927 CET5918653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:23.760040045 CET53591861.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:30.820534945 CET53522201.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.308135033 CET5782853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.308865070 CET5506853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.445619106 CET53550681.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.445848942 CET53578281.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.447175026 CET5505453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507416010 CET4916453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507559061 CET6490853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.583842993 CET53550541.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.584676981 CET6102353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.644560099 CET53649081.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.645499945 CET53491641.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 19, 2024 23:14:59.375129938 CET | 192.168.2.16 | 1.1.1.1 | c238 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.991014004 CET192.168.2.161.1.1.10x8658Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.070616961 CET192.168.2.161.1.1.10xa035Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.221048117 CET192.168.2.161.1.1.10x448bStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:11.326617002 CET192.168.2.161.1.1.10xb2deStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:13.500902891 CET192.168.2.161.1.1.10xe20eStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.531919003 CET192.168.2.161.1.1.10xa389Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.131350040 CET192.168.2.161.1.1.10xeb09Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:19.302572012 CET192.168.2.161.1.1.10x3137Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:23.622628927 CET192.168.2.161.1.1.10x2646Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.308135033 CET192.168.2.161.1.1.10x1231Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.308865070 CET192.168.2.161.1.1.10xe865Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.447175026 CET192.168.2.161.1.1.10xb115Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507416010 CET192.168.2.161.1.1.10x9676Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.507559061 CET192.168.2.161.1.1.10xcdf9Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.584676981 CET192.168.2.161.1.1.10xb379Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.646117926 CET192.168.2.161.1.1.10x509aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.784960032 CET192.168.2.161.1.1.10x22d3Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:35.279606104 CET192.168.2.161.1.1.10xeb1Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:35.422276020 CET192.168.2.161.1.1.10xebb7Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:35.560848951 CET192.168.2.161.1.1.10x9fbfStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:45.274725914 CET192.168.2.161.1.1.10xa0dcStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:55.283238888 CET192.168.2.161.1.1.10x84b0Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:56.507045984 CET192.168.2.161.1.1.10xf37bStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:00.376341105 CET192.168.2.161.1.1.10x4cc5Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:38.276539087 CET192.168.2.161.1.1.10xe48dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:38.415275097 CET192.168.2.161.1.1.10x2d33Standard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.761198044 CET1.1.1.1192.168.2.160x144aNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.763164043 CET1.1.1.1192.168.2.160xeaedNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.763164043 CET1.1.1.1192.168.2.160xeaedNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.763164043 CET1.1.1.1192.168.2.160xeaedNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.786711931 CET1.1.1.1192.168.2.160x260eNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.805237055 CET1.1.1.1192.168.2.160x27f6No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.899156094 CET1.1.1.1192.168.2.160x52afNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.899156094 CET1.1.1.1192.168.2.160x52afNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.899156094 CET1.1.1.1192.168.2.160x52afNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.899156094 CET1.1.1.1192.168.2.160x52afNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.928224087 CET1.1.1.1192.168.2.160xc128No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:02.958486080 CET1.1.1.1192.168.2.160x7e2bNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.039773941 CET1.1.1.1192.168.2.160x9410No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.039773941 CET1.1.1.1192.168.2.160x9410No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.039773941 CET1.1.1.1192.168.2.160x9410No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.039773941 CET1.1.1.1192.168.2.160x9410No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.039773941 CET1.1.1.1192.168.2.160x9410No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.065812111 CET1.1.1.1192.168.2.160xefb4No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.117923975 CET1.1.1.1192.168.2.160xd852No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.178791046 CET1.1.1.1192.168.2.160x3fc9No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.178791046 CET1.1.1.1192.168.2.160x3fc9No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.178791046 CET1.1.1.1192.168.2.160x3fc9No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.178791046 CET1.1.1.1192.168.2.160x3fc9No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.204965115 CET1.1.1.1192.168.2.160xa99cNo error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.412288904 CET1.1.1.1192.168.2.160x63f6No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.513607979 CET1.1.1.1192.168.2.160x6912No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.554393053 CET1.1.1.1192.168.2.160x420dNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.694257021 CET1.1.1.1192.168.2.160x1932No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.757263899 CET1.1.1.1192.168.2.160xcb0dNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.760694027 CET1.1.1.1192.168.2.160x588bNo error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.760694027 CET1.1.1.1192.168.2.160x588bNo error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.804287910 CET1.1.1.1192.168.2.160x636eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.804287910 CET1.1.1.1192.168.2.160x636eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.849385023 CET1.1.1.1192.168.2.160x5a93No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.849385023 CET1.1.1.1192.168.2.160x5a93No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.964967966 CET1.1.1.1192.168.2.160x43aNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:03.987776995 CET1.1.1.1192.168.2.160xe664No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.828763008 CET1.1.1.1192.168.2.160x549dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:05.978405952 CET1.1.1.1192.168.2.160xb4ccNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.065500975 CET1.1.1.1192.168.2.160xd2aaNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.065500975 CET1.1.1.1192.168.2.160xd2aaNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.069055080 CET1.1.1.1192.168.2.160x61a2No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:06.220082045 CET1.1.1.1192.168.2.160xa035No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:13.638417006 CET1.1.1.1192.168.2.160x7ce2No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.671642065 CET1.1.1.1192.168.2.160xa389No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:18.671642065 CET1.1.1.1192.168.2.160xa389No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.445848942 CET1.1.1.1192.168.2.160x1231No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:31.583842993 CET1.1.1.1192.168.2.160xb115No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
Dec 19, 2024 23:15:31.644560099 CET | 1.1.1.1 | 192.168.2.16 | 0xcdf9 | No error (0) | services.addons.mozilla.org |  | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.644560099 CET | 1.1.1.1 | 192.168.2.16 | 0xcdf9 | No error (0) | services.addons.mozilla.org |  | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.644560099 CET | 1.1.1.1 | 192.168.2.16 | 0xcdf9 | No error (0) | services.addons.mozilla.org |  | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.644560099 CET | 1.1.1.1 | 192.168.2.16 | 0xcdf9 | No error (0) | services.addons.mozilla.org |  | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.784096956 CET | 1.1.1.1 | 192.168.2.16 | 0x509a | No error (0) | services.addons.mozilla.org |  | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.784096956 CET | 1.1.1.1 | 192.168.2.16 | 0x509a | No error (0) | services.addons.mozilla.org |  | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.784096956 CET | 1.1.1.1 | 192.168.2.16 | 0x509a | No error (0) | services.addons.mozilla.org |  | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.784096956 CET | 1.1.1.1 | 192.168.2.16 | 0x509a | No error (0) | services.addons.mozilla.org |  | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:31.922864914 CET | 1.1.1.1 | 192.168.2.16 | 0x22d3 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 19, 2024 23:15:31.922864914 CET | 1.1.1.1 | 192.168.2.16 | 0x22d3 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 19, 2024 23:15:31.922864914 CET | 1.1.1.1 | 192.168.2.16 | 0x22d3 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 19, 2024 23:15:31.922864914 CET | 1.1.1.1 | 192.168.2.16 | 0x22d3 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 19, 2024 23:15:35.408958912 CET | 1.1.1.1 | 192.168.2.16 | 0x2920 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:35.408958912 CET | 1.1.1.1 | 192.168.2.16 | 0x2920 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:35.421047926 CET | 1.1.1.1 | 192.168.2.16 | 0xeb1 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:35.421047926 CET | 1.1.1.1 | 192.168.2.16 | 0xeb1 | No error (0) | normandy-cdn.services.mozilla.com |  | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:35.560055971 CET | 1.1.1.1 | 192.168.2.16 | 0xebb7 | No error (0) | normandy-cdn.services.mozilla.com |  | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:40.233835936 CET | 1.1.1.1 | 192.168.2.16 | 0x96a | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:40.233835936 CET | 1.1.1.1 | 192.168.2.16 | 0x96a | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:45.775930882 CET | 1.1.1.1 | 192.168.2.16 | 0xa0dc | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:45.775930882 CET | 1.1.1.1 | 192.168.2.16 | 0xa0dc | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:15:56.645153999 CET | 1.1.1.1 | 192.168.2.16 | 0xf37b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:15:56.645153999 CET | 1.1.1.1 | 192.168.2.16 | 0xf37b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:16:00.012742043 CET | 1.1.1.1 | 192.168.2.16 | 0x2b89 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:16:29.912904978 CET | 1.1.1.1 | 192.168.2.16 | 0x5c0a | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:16:38.414055109 CET | 1.1.1.1 | 192.168.2.16 | 0xe48d | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
• www.google.com
• apis.google.com
• play.google.com
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49737 | 34.107.221.82 | 80 | 4184 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 23:15:02.071444035 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:15:03.159023046 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 10:09:25 GMT
Age: 43538
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:03.755131960 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:15:04.069658041 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 10:09:25 GMT
Age: 43538
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.16 | 49744 | 34.107.221.82 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 23:15:03.927973032 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49748 | 34.107.221.82 | 80 | 4184 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 23:15:04.610652924 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
Dec 19, 2024 23:15:05.695781946 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45612
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
Dec 19, 2024 23:15:05.705001116 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
Dec 19, 2024 23:15:06.018783092 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45612
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
Dec 19, 2024 23:15:15.826947927 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
Dec 19, 2024 23:15:16.145840883 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45622
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
Dec 19, 2024 23:15:18.534729004 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:15:18.850744963 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45625
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:15:19.353853941 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:15:19.669151068 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45626
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:15:26.023130894 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:15:26.337449074 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45633
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:15:31.305537939 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:15:31.662722111 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45638
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:15:39.701525927 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:15:40.015861988 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45646
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.484961033 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:40.799127102 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45647
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:45.773636103 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:46.087907076 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45652
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:56.097173929 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:56.826163054 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:15:57.142009020 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 45663
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                                  Dec 19, 2024 23:16:04.788490057 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:16:05.102855921 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45671
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:16:06.028295994 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:16:06.401612997 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45673
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:16:07.306571960 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:16:07.620690107 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45674
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:16:17.627181053 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:27.748225927 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:37.881238937 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:40.003635883 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 19, 2024 23:16:40.317697048 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 19 Dec 2024 09:34:53 GMT
Age: 45707
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 19, 2024 23:16:50.330251932 CET  6  OUT  Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49749 | 34.107.221.82 | 80 | 4184 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 23:15:04.611588001 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:05.696947098 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30016
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:11.324995995 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:11.640516043 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30022
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:13.137401104 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:13.452183962 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30024
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:16.396476030 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:16.714657068 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30027
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:18.814055920 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:19.129700899 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30029
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:22.027978897 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:22.346774101 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30033
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:26.025765896 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:26.342816114 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30037
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:35.272659063 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:35.597800970 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30046
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:39.708306074 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:40.023030996 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30050
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:45.274627924 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:45.594082117 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30056
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:15:55.605232954 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:
Dec 19, 2024 23:15:56.507138014 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 19, 2024 23:15:56.822325945 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 13:54:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 30067
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:16:04.470527887 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:16:04.785446882 CET | 298 | IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 13:54:49 GMT
Age: 30075
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:16:05.709611893 CET | 303 | OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:16:06.025401115 CET | 298 | IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 13:54:49 GMT
Age: 30076
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:16:06.988825083 CET | 303 | OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:16:07.303761959 CET | 298 | IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 13:54:49 GMT
Age: 30078
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:16:17.313174009 CET | 6 | OUT
Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:27.447199106 CET | 6 | OUT
Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:37.567404985 CET | 6 | OUT
Data Raw: 00
Data Ascii:
Dec 19, 2024 23:16:39.676759005 CET | 303 | OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 19, 2024 23:16:39.994606018 CET | 298 | IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 19 Dec 2024 13:54:49 GMT
Age: 30110
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 23:16:50.013246059 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49709 | 142.250.181.132 | 443 | 6196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:14:54 UTC | 627 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-19 22:14:54 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 22:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce--hY56NHnC_VFE-UswWs4NQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-19 22:14:54 UTC | 124 | IN
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 324)]}'["",["crush 40 sega lawsuit","russian aircraft near alaska","apple ios 18.3","nfl power rankings week 16","christo
2024-12-19 22:14:54 UTC | 687 | IN
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: pher renstrom horoscopes","nasa astronauts stuck in space","vanuatu earthquakes","att employees"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestde
2024-12-19 22:14:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49712 | 142.250.181.132 | 443 | 6196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:14:54 UTC | 530 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-19 22:14:55 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Thu, 19 Dec 2024 22:14:54 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


                                                                                                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                  2192.168.2.1649713142.250.181.1324436196C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:14:54 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-19 22:14:55 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 22:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-19 22:14:55 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-19 22:14:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49730 | 172.217.17.78 | 443 | 6196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:15:01 UTC | 729 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: apis.google.com
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-19 22:15:01 UTC | 915 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 117446
                                                                                                                                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                  Server: sffe
                                                                                                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 04:11:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Expires: Fri, 19 Dec 2025 04:11:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                  Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                  Age: 65035
                                                                                                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototyp
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: one)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regula
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Er
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: his[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototy
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: tion(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.ne
                                                                                                                                                                                                                                                                                                                                                                                                  2024-12-19 22:15:01 UTC1390INData Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ay.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("St


Session ID: 4
Source IP: 192.168.2.16
Source Port: 49732
Destination IP: 142.250.181.110
Destination Port: 443
PID: 6196
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: 2024-12-19 22:15:02 UTC
Bytes transferred: 722
Direction: OUT
Data:
POST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
Connection: keep-alive
Content-Length: 913
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Origin: chrome-untrusted://new-tab-page
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Timestamp: 2024-12-19 22:15:02 UTC
Bytes transferred: 913
Direction: OUT
Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734646498247",null,null,null,

Timestamp: 2024-12-19 22:15:02 UTC
Bytes transferred: 942
Direction: IN
Data:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Playlog-Web
Set-Cookie: NID=520=nccK-Jfp3Lw-kSQLBHsf-o8_IftqQZ7f_ENnYGMbXZbhTqNTOL5BfKX2PpBfCJFJ_31kvZny-Mvx1Hq_NuEQ4zHC8oaOwxpDB25NUBBfmU289WGKifheh4jbmbxMgBjd8Jn0Q1mdgmzFsrn0X9bEwzR9EF5JNvqDMSb6pG-etDvuVfKGs9tGFQwA; expires=Fri, 20-Jun-2025 22:15:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Type: text/plain; charset=UTF-8
Date: Thu, 19 Dec 2024 22:15:02 GMT
Server: Playlog
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Thu, 19 Dec 2024 22:15:02 GMT
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
2024-12-19 22:15:02 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-19 22:15:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.16 | 49752 | 142.250.181.110 | 443 | 6196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:15:07 UTC | 924 | OUT | POST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                  Host: play.google.com
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 919
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                  Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                                                  Cookie: NID=520=nccK-Jfp3Lw-kSQLBHsf-o8_IftqQZ7f_ENnYGMbXZbhTqNTOL5BfKX2PpBfCJFJ_31kvZny-Mvx1Hq_NuEQ4zHC8oaOwxpDB25NUBBfmU289WGKifheh4jbmbxMgBjd8Jn0Q1mdgmzFsrn0X9bEwzR9EF5JNvqDMSb6pG-etDvuVfKGs9tGFQwA
2024-12-19 22:15:07 UTC | 919 | OUT | Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 34 36 34 36 35 30 33 33 39 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734646503390",null,null,null,
2024-12-19 22:15:07 UTC | 950 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: NID=520=FiNhcuL6sePd6KBjLKPFbOaT35LzaClS1CwY6dUOB7_aqIFXy5TD6TVatO1yhJRXNq0eMTQAQcF-blxJjxICAf9apW2rlHTRU3aEfUdBAqLuYJZWwsBEQG_fgZG22-h3s66k1xRbtxE4TcZS9itQrKlYMSTQI-ktV_y9M6NnfA0ov9rkAS1cYHJI0OsP0JDO; expires=Fri, 20-Jun-2025 22:15:07 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                  Date: Thu, 19 Dec 2024 22:15:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Server: Playlog
                                                                                                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                  Expires: Thu, 19 Dec 2024 22:15:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-19 22:15:07 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-19 22:15:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                                  Start time:17:14:33
                                                                                                                                                                                                                                                                                                                                                                                                  Start date:19/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff7a4500000
File size:123'984 bytes
MD5 hash:E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:17:14:46
Start date:19/12/2024
Path:C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap28794:76:7zEvent23616
Imagebase:0x8b0000
File size:700'416 bytes
MD5 hash:50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:17:14:50
Start date:19/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:12
Start time:17:14:50
Start date:19/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1976,i,12126770736487860742,9074407997939773988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:13
Start time:17:14:55
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:17:14:55
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:15
Start time:17:14:56
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca1f93b-892a-4cf5-96f3-919450b7d7c4} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e66bf10 socket
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:19
Start time:17:14:58
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1296 -parentBuildID 20230927232528 -prefsHandle 1012 -prefMapHandle 3740 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {808291e4-2907-4e3f-a658-f7c702fa90e6} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b0e642c10 rdd
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:22
Start time:17:15:00
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\cmd.exe"
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:23
Start time:17:15:00
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:24
Start time:17:15:05
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5148 -prefMapHandle 5132 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd672c1d-b325-458e-8e64-4058bac39e4d} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 25b1c03df10 utility
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:25
Start time:17:15:14
Start date:19/12/2024
Path:C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):false
Commandline:regsvr32 /s dbghelp.dll
Imagebase:0x7ff7af4f0000
File size:25'088 bytes
MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:17:15:19
Start date:19/12/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32 dbghelp.dll,#1
Imagebase:0x7ff7018a0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:17:15:26
Start date:19/12/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32 wintrust.dll,#1
Imagebase:0x7ff7018a0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:17:15:26
Start date:19/12/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 4836 -s 348
Imagebase:0x7ff7ade70000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:17:15:32
Start date:19/12/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32 help.dll,#1
Imagebase:0x7ff7018a0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:17:15:41
Start date:19/12/2024
Path:C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):false
Commandline:regsvr32 /s help.dll
Imagebase:0x7ff7af4f0000
File size:25'088 bytes
MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:17:15:43
Start date:19/12/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32 help.dll,#2
Imagebase:0x7ff7018a0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                                                                                                                                                                  Start time:17:15:44
                                                                                                                                                                                                                                                                                                                                                                                                  Start date:19/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7488 -s 360
                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7ade70000
                                                                                                                                                                                                                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                                                                                                                                                                                                                  Start time:17:15:45
                                                                                                                                                                                                                                                                                                                                                                                                  Start date:19/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32 help.dll,#3
                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7018a0000
                                                                                                                                                                                                                                                                                                                                                                                                  File size:71'680 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                                                                                                                                                                                                                  Start time:17:16:13
                                                                                                                                                                                                                                                                                                                                                                                                  Start date:19/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32 wintrust.dll,#16
                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7018a0000
                                                                                                                                                                                                                                                                                                                                                                                                  File size:71'680 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                                                                                                                                                                                                                  Start time:17:16:18
                                                                                                                                                                                                                                                                                                                                                                                                  Start date:19/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32 wintrust.dll,#161
                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7018a0000
                                                                                                                                                                                                                                                                                                                                                                                                  File size:71'680 bytes
                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:0.3%
                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:6
                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                                                                                                                    execution_graph 5005 242c8379f77 5006 242c8379f87 NtQuerySystemInformation 5005->5006 5007 242c8379f24 5006->5007 5008 242c83721f2 5009 242c8372249 NtQuerySystemInformation 5008->5009 5010 242c83705c4 5008->5010 5009->5010

                                                                                                                                                                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000013.00000002.2489807247.00000242C8370000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8370000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_242c8370000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3562636166-3072146587
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 611622fe021ff4f6f4075bddb6f0bffad66e162bd392c0a86a6fb1e1f4332f82
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFA30631718A498BDB2DDF19CC856A9B3E5FB98301F54522EE84BC7251DF34EA068BC1
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000013.00000002.2489807247.00000242C8370000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8370000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_242c8370000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e48e526ef5f27c1cced2ab54a30c0ddd29e53d80ff9e1ad477b5d4905fec79ef
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01A3F631614A488BDB2DDF29CC857A9B3E5FB95301F45923EE94BC3241DF30EA468AC1
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000013.00000002.2489807247.00000242C8370000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8370000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_242c8370000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: #$4$z
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-222932584
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f12bc94a441b99678d1f37fd838eb33403ab1c1100704a4327215b314ffab7c
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a6b486aff3888f2c4cd62396df105646acc5973c2fe7f63cf056679c745c30d
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f12bc94a441b99678d1f37fd838eb33403ab1c1100704a4327215b314ffab7c
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5152B331614E4DCBEB2AEF28DC896E9B3E4FB54301F44522AE84AC7155DF34EA458BC1

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000013.00000002.2489167094.00000242C8364000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8364000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_242c8364000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: }
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-4239843852
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 99d6991b441f76bb9cc0b986ebd1b7bb7e887c949c31c37f476c31793f35bb92
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5202f0c3fcbb2bd55fbf708662266d0e0bf4509de7d8902e7d730b625580c94b
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99d6991b441f76bb9cc0b986ebd1b7bb7e887c949c31c37f476c31793f35bb92
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC11613151CB8D8FD785EF28C884B56BBE4FB5A314F1406AFE49AC3291D734D9498B82
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000013.00000002.2489807247.00000242C8370000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000242C8370000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_242c8370000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2fa4645b680d34bee22a3500d205d04f87224c646c510b3238a6d81739ab6236
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 765db27659c334149fbbb18c11d76fd3062b14fbf58a760933ab5ae3aaa5f54b
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2fa4645b680d34bee22a3500d205d04f87224c646c510b3238a6d81739ab6236
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BB1E331B5C2940B871CC92D486707AF7D7E7CA60AB24E23EE9C7C7289DD3484539AC6

                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:2.4%
                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:2.5%
                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:1377
                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:24
12588->12589 12590 7fff46f8ea64 malloc 62 API calls 12588->12590 12589->12582 12589->12583 12590->12589 12593 7fff46f91d82 12591->12593 12596 7fff46f91db9 12591->12596 12592->12582 12593->12585 12594 7fff46f91d95 LCMapStringW 12593->12594 12594->12585 12595 7fff46f91e2b LCMapStringW 12597 7fff46f91e88 12595->12597 12598 7fff46f91e4c WideCharToMultiByte 12595->12598 12599 7fff46f91dd6 _flush 12596->12599 12600 7fff46f8ea64 malloc 62 API calls 12596->12600 12597->12585 12602 7fff46f8ea24 free 62 API calls 12597->12602 12598->12597 12599->12585 12599->12595 12600->12599 12602->12585 12604 7fff46f94832 EncodePointer 12603->12604 12604->12604 12605 7fff46f94847 12604->12605 12605->12473 12609 7fff46f8cca0 12606->12609 12610 7fff46f8ccc7 sprintf 12609->12610 12620 7fff46f8cf44 12609->12620 12612 7fff46f8cce8 GetSystemDirectoryW 12610->12612 12611 7fff46f8e750 sprintf 8 API calls 12613 7fff46f8cff9 12611->12613 12614 7fff46f8cd08 LoadLibraryExW 12612->12614 12615 7fff46f8ccfc 12612->12615 12618 7fff46f8cd8a 16 API calls 12614->12618 12619 7fff46f8cd81 12614->12619 12621 7fff46f9a434 12615->12621 12618->12620 12619->12618 12620->12611 12624 7fff46f9a3b4 12621->12624 12625 7fff46f9a3de 12624->12625 12626 7fff46f9a3c1 12624->12626 12625->12626 12628 7fff46f9a3e6 GetFileAttributesW 12625->12628 12627 7fff46f90b34 __doserrno 62 API calls 12626->12627 12629 7fff46f9a3c6 12627->12629 12630 7fff46f9a3f1 GetLastError 12628->12630 12634 7fff46f9a407 12628->12634 12631 7fff46f90b14 _errno 62 API calls 12629->12631 12632 7fff46f90b54 _close_nolock 62 API calls 12630->12632 12633 7fff46f9a3ce 12631->12633 12641 7fff46f9a3fe 12632->12641 12635 7fff46f90aac _invalid_parameter_noinfo 17 API calls 12633->12635 12637 7fff46f90b34 __doserrno 62 API calls 12634->12637 12638 7fff46f9a3da 12634->12638 12635->12638 12636 7fff46f90b14 _errno 62 API calls 12636->12638 12639 7fff46f9a419 12637->12639 12638->12614 12640 7fff46f90b14 _errno 62 API calls 12639->12640 12640->12641 12641->12636 12643 
7fff46f91a19 12642->12643 12644 7fff46f91b38 12642->12644 12645 7fff46f91a34 12643->12645 12646 7fff46f8ea24 free 62 API calls 12643->12646 12644->12495 12647 7fff46f91a42 12645->12647 12648 7fff46f8ea24 free 62 API calls 12645->12648 12646->12645 12649 7fff46f91a50 12647->12649 12650 7fff46f8ea24 free 62 API calls 12647->12650 12648->12647 12651 7fff46f91a5e 12649->12651 12652 7fff46f8ea24 free 62 API calls 12649->12652 12650->12649 12653 7fff46f91a6c 12651->12653 12654 7fff46f8ea24 free 62 API calls 12651->12654 12652->12651 12655 7fff46f91a7a 12653->12655 12656 7fff46f8ea24 free 62 API calls 12653->12656 12654->12653 12657 7fff46f91a8b 12655->12657 12659 7fff46f8ea24 free 62 API calls 12655->12659 12656->12655 12658 7fff46f91aa3 12657->12658 12660 7fff46f8ea24 free 62 API calls 12657->12660 12661 7fff46f94488 _lock 62 API calls 12658->12661 12659->12657 12660->12658 12664 7fff46f91aaf 12661->12664 12662 7fff46f91adc 12674 7fff46f94388 LeaveCriticalSection 12662->12674 12664->12662 12666 7fff46f8ea24 free 62 API calls 12664->12666 12666->12662 14820 7fff46f9edd6 14823 7fff46f94388 LeaveCriticalSection 14820->14823 14189 7fff46f8f368 14194 7fff46f93eb4 14189->14194 14195 7fff46f94488 _lock 62 API calls 14194->14195 14196 7fff46f93ec7 14195->14196 14200 7fff46f8ea24 free 62 API calls 14196->14200 14201 7fff46f93f0b 14196->14201 14202 7fff46f93efb 14196->14202 14199 7fff46f8ea24 free 62 API calls 14199->14201 14200->14202 14203 7fff46f94388 LeaveCriticalSection 14201->14203 14202->14199 14208 7fff46f9ed6e 14209 7fff46f9ed8a 14208->14209 14210 7fff46f9ed80 14208->14210 14212 7fff46f94388 LeaveCriticalSection 14210->14212 14252 7fff46f9f47c 14255 7fff46f9d3c0 14252->14255 14256 7fff46f919ec _getptd 62 API calls 14255->14256 14257 7fff46f9d3e5 14256->14257 14258 7fff46f919ec _getptd 62 API calls 14257->14258 14259 7fff46f9d3f4 14258->14259 14264 7fff46f9eab0 14259->14264 14262 7fff46f919ec _getptd 62 API calls 14263 7fff46f9d434 14262->14263 14265 7fff46f919ec _getptd 
62 API calls 14264->14265 14267 7fff46f9ead9 14265->14267 14266 7fff46f9ebd7 14270 7fff46f9ebf7 14266->14270 14281 7fff46f9d42f 14266->14281 14318 7fff46f9d224 14266->14318 14267->14266 14268 7fff46f9eb44 14267->14268 14267->14281 14272 7fff46f9eba0 14268->14272 14275 7fff46f9eb66 14268->14275 14268->14281 14269 7fff46f9ec31 14269->14281 14324 7fff46f9e5bc 14269->14324 14270->14269 14270->14281 14321 7fff46f9d23c 14270->14321 14274 7fff46f9ebc4 14272->14274 14277 7fff46f9eba9 14272->14277 14309 7fff46f9d28c 14274->14309 14286 7fff46f9d83c 14275->14286 14282 7fff46f9eb8a 14277->14282 14283 7fff46f944f0 __SehTransFilter 65 API calls 14277->14283 14281->14262 14292 7fff46f9db30 14282->14292 14283->14282 14284 7fff46f944f0 __SehTransFilter 65 API calls 14284->14282 14287 7fff46f9d85e 14286->14287 14288 7fff46f9d863 14286->14288 14289 7fff46f944f0 __SehTransFilter 65 API calls 14287->14289 14290 7fff46f944f0 __SehTransFilter 65 API calls 14288->14290 14291 7fff46f9d875 14288->14291 14289->14288 14290->14291 14291->14282 14291->14284 14396 7fff46f9d8d0 14292->14396 14295 7fff46f9d224 __SehTransFilter 62 API calls 14296 7fff46f9db6a 14295->14296 14297 7fff46f919ec _getptd 62 API calls 14296->14297 14307 7fff46f9db74 __SehTransFilter 14297->14307 14298 7fff46f9dc70 14299 7fff46f919ec _getptd 62 API calls 14298->14299 14300 7fff46f9dc75 14299->14300 14302 7fff46f9dc83 14300->14302 14304 7fff46f919ec _getptd 62 API calls 14300->14304 14301 7fff46f944f0 __SehTransFilter 65 API calls 14301->14307 14305 7fff46f9dc98 __SehTransFilter 14302->14305 14306 7fff46f944f0 __SehTransFilter 65 API calls 14302->14306 14303 7fff46f9d224 62 API calls __SehTransFilter 14303->14307 14304->14302 14305->14281 14306->14305 14307->14298 14307->14301 14307->14303 14308 7fff46f9d254 _SetImageBase 62 API calls 14307->14308 14308->14307 14400 7fff46f9d138 14309->14400 14313 7fff46f919ec _getptd 62 API calls 14314 7fff46f9d2c1 14313->14314 14314->14313 14315 7fff46f9d2ff 14314->14315 14316 
7fff46f9db30 __SehTransFilter 65 API calls 14315->14316 14317 7fff46f9d31e 14316->14317 14317->14281 14319 7fff46f919ec _getptd 62 API calls 14318->14319 14320 7fff46f9d22d 14319->14320 14320->14270 14322 7fff46f919ec _getptd 62 API calls 14321->14322 14323 7fff46f9d245 14322->14323 14323->14269 14325 7fff46f9d8c8 __SetUnwindTryBlock 65 API calls 14324->14325 14326 7fff46f9e603 14325->14326 14327 7fff46f9d138 __SetUnwindTryBlock 66 API calls 14326->14327 14328 7fff46f9e617 14327->14328 14411 7fff46f9d940 14328->14411 14331 7fff46f9e64e 14333 7fff46f9d940 __GetUnwindTryBlock 66 API calls 14331->14333 14332 7fff46f9e62f __SehTransFilter 14414 7fff46f9d904 14332->14414 14334 7fff46f9e64c 14333->14334 14336 7fff46f944f0 __SehTransFilter 65 API calls 14334->14336 14341 7fff46f9e667 14334->14341 14336->14341 14337 7fff46f9ea4b 14338 7fff46f9ea1c 14337->14338 14339 7fff46f9ea57 14337->14339 14340 7fff46f9ea83 14337->14340 14342 7fff46f919ec _getptd 62 API calls 14338->14342 14463 7fff46f9e384 14339->14463 14345 7fff46f944cc __SehTransFilter 64 API calls 14340->14345 14341->14337 14346 7fff46f9e809 14341->14346 14350 7fff46f919ec _getptd 62 API calls 14341->14350 14343 7fff46f9ea21 14342->14343 14347 7fff46f9ea30 14343->14347 14352 7fff46f944f0 __SehTransFilter 65 API calls 14343->14352 14348 7fff46f9ea88 14345->14348 14346->14337 14349 7fff46f9e843 14346->14349 14347->14281 14353 7fff46f8ed3c std::exception::exception 62 API calls 14348->14353 14354 7fff46f9e987 14349->14354 14430 7fff46f9d4b8 14349->14430 14351 7fff46f9e6ac 14350->14351 14351->14347 14357 7fff46f919ec _getptd 62 API calls 14351->14357 14352->14347 14355 7fff46f9ea9a 14353->14355 14354->14338 14359 7fff46f9d224 __SehTransFilter 62 API calls 14354->14359 14362 7fff46f9e9ad 14354->14362 14355->14281 14358 7fff46f9e6bf 14357->14358 14360 7fff46f919ec _getptd 62 API calls 14358->14360 14359->14362 14363 7fff46f9e6cb 14360->14363 14361 7fff46f9e9c2 14368 7fff46f9dd24 __SehTransFilter 65 API calls 14361->14368 
14362->14338 14362->14361 14364 7fff46f9d224 __SehTransFilter 62 API calls 14362->14364 14417 7fff46f9d270 14363->14417 14364->14361 14366 7fff46f9d224 __SehTransFilter 62 API calls 14386 7fff46f9e876 14366->14386 14367 7fff46f9e6df __SehTransFilter 14372 7fff46f944f0 __SehTransFilter 65 API calls 14367->14372 14378 7fff46f9e6f5 14367->14378 14369 7fff46f9e9d8 14368->14369 14369->14338 14370 7fff46f9d138 __SetUnwindTryBlock 66 API calls 14369->14370 14373 7fff46f9e9ee 14370->14373 14371 7fff46f9d23c 62 API calls __SehTransFilter 14371->14386 14372->14378 14458 7fff46f9d6bc 14373->14458 14374 7fff46f9e72a 14375 7fff46f919ec _getptd 62 API calls 14374->14375 14377 7fff46f9e72f 14375->14377 14377->14346 14380 7fff46f919ec _getptd 62 API calls 14377->14380 14378->14374 14379 7fff46f944f0 __SehTransFilter 65 API calls 14378->14379 14379->14374 14381 7fff46f9e742 14380->14381 14382 7fff46f919ec _getptd 62 API calls 14381->14382 14384 7fff46f9e74e 14382->14384 14420 7fff46f9dd24 14384->14420 14386->14354 14386->14366 14386->14371 14435 7fff46f9d9b8 14386->14435 14449 7fff46f9e2c0 14386->14449 14388 7fff46f9e7c6 14389 7fff46f944cc __SehTransFilter 64 API calls 14388->14389 14390 7fff46f9e7cb __SehTransFilter 14389->14390 14393 7fff46f8ec7c std::exception::exception 62 API calls 14390->14393 14391 7fff46f9d224 62 API calls __SehTransFilter 14392 7fff46f9e761 type_info::operator== 14391->14392 14392->14346 14392->14388 14392->14390 14392->14391 14394 7fff46f9e7ee 14393->14394 14395 7fff46f925d0 __SehTransFilter RaiseException 14394->14395 14395->14346 14397 7fff46f9d8e7 14396->14397 14398 7fff46f9d8f2 14396->14398 14399 7fff46f9d83c __SehTransFilter 65 API calls 14397->14399 14398->14295 14399->14398 14401 7fff46f9d8c8 __SetUnwindTryBlock 65 API calls 14400->14401 14402 7fff46f9d16c 14401->14402 14403 7fff46f9d1a1 RtlLookupFunctionEntry 14402->14403 14404 7fff46f9d1ee 14402->14404 14403->14402 14405 7fff46f9d8c8 14404->14405 14406 7fff46f9d83c 14405->14406 14407 7fff46f9d863 
14406->14407 14408 7fff46f944f0 __SehTransFilter 65 API calls 14406->14408 14409 7fff46f944f0 __SehTransFilter 65 API calls 14407->14409 14410 7fff46f9d875 14407->14410 14408->14407 14409->14410 14410->14314 14412 7fff46f9d138 __SetUnwindTryBlock 66 API calls 14411->14412 14413 7fff46f9d953 14412->14413 14413->14331 14413->14332 14415 7fff46f9d138 __SetUnwindTryBlock 66 API calls 14414->14415 14416 7fff46f9d91e 14415->14416 14416->14334 14418 7fff46f919ec _getptd 62 API calls 14417->14418 14419 7fff46f9d27e 14418->14419 14419->14367 14421 7fff46f9dd4b 14420->14421 14427 7fff46f9dd55 14420->14427 14423 7fff46f944f0 __SehTransFilter 65 API calls 14421->14423 14422 7fff46f9ddd7 14422->14392 14424 7fff46f9dd50 14423->14424 14425 7fff46f944cc __SehTransFilter 64 API calls 14424->14425 14425->14427 14426 7fff46f9d23c 62 API calls __SehTransFilter 14426->14427 14427->14422 14427->14426 14428 7fff46f9d224 __SehTransFilter 62 API calls 14427->14428 14429 7fff46f9d9b8 __SehTransFilter 62 API calls 14427->14429 14428->14427 14429->14427 14431 7fff46f9d8c8 __SetUnwindTryBlock 65 API calls 14430->14431 14432 7fff46f9d4ec 14431->14432 14433 7fff46f944f0 __SehTransFilter 65 API calls 14432->14433 14434 7fff46f9d4f7 14432->14434 14433->14434 14434->14386 14436 7fff46f9d9e3 14435->14436 14439 7fff46f9d9eb 14435->14439 14437 7fff46f9d224 __SehTransFilter 62 API calls 14436->14437 14437->14439 14438 7fff46f9da67 type_info::operator== 14438->14386 14439->14438 14440 7fff46f9d224 __SehTransFilter 62 API calls 14439->14440 14441 7fff46f9da0a 14439->14441 14440->14441 14441->14438 14442 7fff46f9da26 14441->14442 14443 7fff46f9d224 __SehTransFilter 62 API calls 14441->14443 14444 7fff46f9d23c __SehTransFilter 62 API calls 14442->14444 14443->14442 14445 7fff46f9da3a 14444->14445 14445->14438 14446 7fff46f9da53 14445->14446 14447 7fff46f9d224 __SehTransFilter 62 API calls 14445->14447 14448 7fff46f9d23c __SehTransFilter 62 API calls 14446->14448 14447->14446 14448->14438 14450 7fff46f9d138 
__SetUnwindTryBlock 66 API calls 14449->14450 14451 7fff46f9e2fd 14450->14451 14452 7fff46f9e323 14451->14452 14480 7fff46f9e210 14451->14480 14454 7fff46f9d224 __SehTransFilter 62 API calls 14452->14454 14455 7fff46f9e328 14454->14455 14456 7fff46f9d6bc __SehTransFilter 9 API calls 14455->14456 14457 7fff46f9e368 14456->14457 14457->14386 14501 7fff46f8ee60 14458->14501 14461 7fff46f8e750 sprintf 8 API calls 14462 7fff46f9d798 14461->14462 14462->14338 14464 7fff46f9e5a4 14463->14464 14465 7fff46f9e3b5 14463->14465 14464->14338 14466 7fff46f919ec _getptd 62 API calls 14465->14466 14467 7fff46f9e3ba 14466->14467 14469 7fff46f919ec _getptd 62 API calls 14467->14469 14477 7fff46f9e420 14467->14477 14468 7fff46f9e433 14471 7fff46f9d4b8 __SehTransFilter 65 API calls 14468->14471 14472 7fff46f9e3d8 14469->14472 14470 7fff46f944f0 __SehTransFilter 65 API calls 14470->14468 14478 7fff46f9e468 14471->14478 14503 7fff46f91860 EncodePointer 14472->14503 14475 7fff46f9d224 62 API calls __SehTransFilter 14475->14478 14477->14464 14477->14468 14477->14470 14478->14464 14478->14475 14479 7fff46f9e2c0 __SehTransFilter 67 API calls 14478->14479 14479->14478 14481 7fff46f9e22e 14480->14481 14489 7fff46f9e00c 14481->14489 14483 7fff46f9e23f 14484 7fff46f9e27d 14483->14484 14485 7fff46f9e243 14483->14485 14486 7fff46f9e255 __AdjustPointer 14484->14486 14487 7fff46f9d23c __SehTransFilter 62 API calls 14484->14487 14485->14486 14488 7fff46f9d23c __SehTransFilter 62 API calls 14485->14488 14486->14452 14487->14486 14488->14486 14490 7fff46f9e03c 14489->14490 14492 7fff46f9e044 14489->14492 14491 7fff46f9d224 __SehTransFilter 62 API calls 14490->14491 14491->14492 14493 7fff46f9d224 __SehTransFilter 62 API calls 14492->14493 14494 7fff46f9e061 14492->14494 14497 7fff46f9e0cb __AdjustPointer __initmbctable 14492->14497 14493->14494 14495 7fff46f9d23c __SehTransFilter 62 API calls 14494->14495 14494->14497 14498 7fff46f9e0a6 __SehTransFilter 14494->14498 14499 7fff46f9e143 __SehTransFilter 
14494->14499 14495->14499 14496 7fff46f944f0 __SehTransFilter 65 API calls 14496->14497 14497->14483 14498->14496 14498->14497 14499->14498 14500 7fff46f9d23c __SehTransFilter 62 API calls 14499->14500 14500->14498 14502 7fff46f8ee6c RtlUnwindEx 14501->14502 14502->14461 14508 7fff46f95d74 14513 7fff46f97dd0 14508->14513 14514 7fff46f97ce4 14513->14514 14515 7fff46f94488 _lock 62 API calls 14514->14515 14516 7fff46f97d0c 14515->14516 14517 7fff46f97da3 14516->14517 14521 7fff46f95e80 wprintf LeaveCriticalSection 14516->14521 14522 7fff46f97c98 86 API calls _fflush_nolock 14516->14522 14532 7fff46f95e00 14516->14532 14537 7fff46f94388 LeaveCriticalSection 14517->14537 14521->14516 14522->14516 14533 7fff46f95e0e 14532->14533 14534 7fff46f95e21 EnterCriticalSection 14532->14534 14535 7fff46f94488 _lock 62 API calls 14533->14535 14536 7fff46f95e16 14535->14536 14536->14516 11330 7fff46f89390 11333 7fff46f89260 11330->11333 11359 7fff46f89150 11333->11359 11335 7fff46f89279 11370 7fff46f8eb24 11335->11370 11337 7fff46f89283 sprintf 11382 7fff46f8f3c4 11337->11382 11340 7fff46f8f3c4 __tzset 65 API calls 11341 7fff46f892c5 11340->11341 11342 7fff46f8f3c4 __tzset 65 API calls 11341->11342 11343 7fff46f892d4 11342->11343 11344 7fff46f8f3c4 __tzset 65 API calls 11343->11344 11345 7fff46f892e3 11344->11345 11346 7fff46f8f3c4 __tzset 65 API calls 11345->11346 11347 7fff46f892f2 11346->11347 11348 7fff46f8f3c4 __tzset 65 API calls 11347->11348 11349 7fff46f89301 11348->11349 11386 7fff46f8b780 11349->11386 11351 7fff46f89324 11352 7fff46f8934f 11351->11352 11353 7fff46f8eb24 74 API calls 11351->11353 11408 7fff46f83ad0 11352->11408 11355 7fff46f8933d 11353->11355 11355->11352 11357 7fff46f89347 11355->11357 11356 7fff46f89365 11393 7fff46f81630 11357->11393 11360 7fff46f891df OpenMutexA 11359->11360 11361 7fff46f89181 GetComputerNameA 11359->11361 11362 7fff46f891fb CreateMutexA 11360->11362 11363 7fff46f89214 WaitForSingleObject 11360->11363 11361->11360 11368 7fff46f891c8 
11361->11368 11362->11363 11364 7fff46f8923c 11362->11364 11363->11364 11365 7fff46f89223 ReleaseMutex CloseHandle 11363->11365 11415 7fff46f8e750 11364->11415 11365->11364 11367 7fff46f8924a 11367->11335 11368->11360 11369 7fff46f891de 11368->11369 11369->11360 11373 7fff46f8eb2f 11370->11373 11372 7fff46f8eb48 11372->11337 11373->11372 11376 7fff46f8eb4e 11373->11376 11427 7fff46f92434 DecodePointer 11373->11427 11429 7fff46f8ea64 11373->11429 11375 7fff46f8eb9f 11448 7fff46f8ed3c 11375->11448 11376->11375 11445 7fff46f925b8 11376->11445 11381 7fff46f8ebc6 11383 7fff46f9424c 11382->11383 11736 7fff46f93fe0 11383->11736 11387 7fff46f8eb24 74 API calls 11386->11387 11388 7fff46f8b790 11387->11388 11389 7fff46f8b7e9 11388->11389 12062 7fff46f85cb0 11388->12062 11389->11351 11392 7fff46f8b7db sprintf 11392->11351 11394 7fff46f85cb0 74 API calls 11393->11394 11395 7fff46f81678 InitializeConditionVariable InitializeConditionVariable 11394->11395 12073 7fff46f85150 11395->12073 11404 7fff46f8eb24 74 API calls 11405 7fff46f81823 sprintf 11404->11405 11406 7fff46f8e750 sprintf 8 API calls 11405->11406 11407 7fff46f81866 11406->11407 11407->11352 11409 7fff46f83af9 __initmbctable 11408->11409 12324 7fff46f8f26c 11409->12324 11412 7fff46f83b1f GetLastError 11412->11356 11413 7fff46f83b2e CloseHandle 11414 7fff46f83bcc 11413->11414 11414->11356 11416 7fff46f8e759 11415->11416 11417 7fff46f8e764 11416->11417 11418 7fff46f8fa30 RtlCaptureContext RtlLookupFunctionEntry 11416->11418 11417->11367 11419 7fff46f8fa74 RtlVirtualUnwind 11418->11419 11420 7fff46f8fab5 11418->11420 11421 7fff46f8fad7 IsDebuggerPresent 11419->11421 11420->11421 11426 7fff46f95214 11421->11426 11423 7fff46f8fb36 SetUnhandledExceptionFilter UnhandledExceptionFilter 11424 7fff46f8fb5e GetCurrentProcess TerminateProcess 11423->11424 11425 7fff46f8fb54 sprintf 11423->11425 11424->11367 11425->11424 11426->11423 11428 7fff46f9244f 11427->11428 11428->11373 11430 7fff46f8eaf8 11429->11430 11442 7fff46f8ea7c 
11429->11442 11431 7fff46f92434 _callnewh DecodePointer 11430->11431 11433 7fff46f8eafd 11431->11433 11432 7fff46f8eab4 HeapAlloc 11436 7fff46f8eaed 11432->11436 11432->11442 11435 7fff46f90b14 _errno 61 API calls 11433->11435 11435->11436 11436->11373 11437 7fff46f8eadd 11503 7fff46f90b14 11437->11503 11440 7fff46f92434 _callnewh DecodePointer 11440->11442 11441 7fff46f8eae2 11444 7fff46f90b14 _errno 61 API calls 11441->11444 11442->11432 11442->11437 11442->11440 11442->11441 11454 7fff46f923e8 11442->11454 11463 7fff46f92188 11442->11463 11500 7fff46f8f40c 11442->11500 11444->11436 11690 7fff46f924ac 11445->11690 11447 7fff46f925c1 11447->11375 11711 7fff46f8ecac 11448->11711 11451 7fff46f925d0 11452 7fff46f925fe __initmbctable 11451->11452 11453 7fff46f9263d RaiseException 11452->11453 11453->11381 11506 7fff46f96fe0 11454->11506 11457 7fff46f96fe0 _set_error_mode 62 API calls 11460 7fff46f92405 11457->11460 11458 7fff46f92188 _FF_MSGBANNER 62 API calls 11459 7fff46f9241c 11458->11459 11462 7fff46f92188 _FF_MSGBANNER 62 API calls 11459->11462 11460->11458 11461 7fff46f92426 11460->11461 11461->11442 11462->11461 11465 7fff46f921bc _FF_MSGBANNER 11463->11465 11464 7fff46f9230e 11466 7fff46f8e750 sprintf 8 API calls 11464->11466 11465->11464 11467 7fff46f96fe0 _set_error_mode 59 API calls 11465->11467 11468 7fff46f923c8 11466->11468 11469 7fff46f921d2 11467->11469 11468->11442 11470 7fff46f92350 GetStdHandle 11469->11470 11471 7fff46f96fe0 _set_error_mode 59 API calls 11469->11471 11470->11464 11473 7fff46f92363 sprintf 11470->11473 11472 7fff46f921e3 11471->11472 11472->11464 11472->11470 11534 7fff46f96f74 11472->11534 11473->11464 11475 7fff46f9239d WriteFile 11473->11475 11475->11464 11477 7fff46f92229 GetModuleFileNameW 11479 7fff46f9224f 11477->11479 11484 7fff46f92278 _FF_MSGBANNER 11477->11484 11478 7fff46f9233c 11480 7fff46f90a08 __wtomb_environ 16 API calls 11478->11480 11481 7fff46f96f74 _FF_MSGBANNER 59 API calls 11479->11481 11482 7fff46f9234f 
11480->11482 11483 7fff46f92260 11481->11483 11482->11470 11483->11484 11487 7fff46f90a08 __wtomb_environ 16 API calls 11483->11487 11485 7fff46f922d0 11484->11485 11543 7fff46f96e88 11484->11543 11552 7fff46f96e00 11485->11552 11487->11484 11490 7fff46f92327 11492 7fff46f90a08 __wtomb_environ 16 API calls 11490->11492 11492->11478 11493 7fff46f96e00 _FF_MSGBANNER 59 API calls 11494 7fff46f922f5 11493->11494 11496 7fff46f922f9 11494->11496 11497 7fff46f92313 11494->11497 11495 7fff46f90a08 __wtomb_environ 16 API calls 11495->11485 11561 7fff46f96bf8 11496->11561 11498 7fff46f90a08 __wtomb_environ 16 API calls 11497->11498 11498->11490 11580 7fff46f8f3d0 GetModuleHandleW 11500->11580 11584 7fff46f91968 GetLastError FlsGetValue 11503->11584 11505 7fff46f90b1d 11505->11441 11507 7fff46f96fe8 11506->11507 11508 7fff46f90b14 _errno 62 API calls 11507->11508 11511 7fff46f923f6 11507->11511 11509 7fff46f9700d 11508->11509 11512 7fff46f90aac 11509->11512 11511->11457 11511->11460 11515 7fff46f90a3c DecodePointer 11512->11515 11516 7fff46f90a9b 11515->11516 11519 7fff46f90a7a 11515->11519 11522 7fff46f90a08 11516->11522 11519->11511 11525 7fff46f908bc 11522->11525 11526 7fff46f908f6 sprintf 11525->11526 11527 7fff46f90912 RtlCaptureContext RtlLookupFunctionEntry 11526->11527 11528 7fff46f9094b RtlVirtualUnwind 11527->11528 11529 7fff46f90982 11527->11529 11530 7fff46f9099e IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 11528->11530 11529->11530 11531 7fff46f909d0 sprintf 11530->11531 11532 7fff46f8e750 sprintf 8 API calls 11531->11532 11533 7fff46f909ef GetCurrentProcess TerminateProcess 11532->11533 11535 7fff46f96f8f 11534->11535 11536 7fff46f96f85 11534->11536 11537 7fff46f90b14 _errno 62 API calls 11535->11537 11536->11535 11539 7fff46f96fac 11536->11539 11538 7fff46f96f98 11537->11538 11540 7fff46f90aac _invalid_parameter_noinfo 17 API calls 11538->11540 11541 7fff46f9221f 11539->11541 11542 7fff46f90b14 _errno 62 API calls 11539->11542 
11540->11541 11541->11477 11541->11478 11542->11538 11545 7fff46f96e98 11543->11545 11544 7fff46f90b14 _errno 62 API calls 11546 7fff46f96ec7 11544->11546 11547 7fff46f922b8 11545->11547 11548 7fff46f96e9d 11545->11548 11550 7fff46f96edb 11545->11550 11549 7fff46f90aac _invalid_parameter_noinfo 17 API calls 11546->11549 11547->11485 11547->11495 11548->11544 11548->11547 11549->11547 11550->11547 11551 7fff46f90b14 _errno 62 API calls 11550->11551 11551->11546 11553 7fff46f96e1b 11552->11553 11556 7fff46f96e11 11552->11556 11554 7fff46f90b14 _errno 62 API calls 11553->11554 11555 7fff46f96e24 11554->11555 11557 7fff46f90aac _invalid_parameter_noinfo 17 API calls 11555->11557 11556->11553 11559 7fff46f96e52 11556->11559 11558 7fff46f922e3 11557->11558 11558->11490 11558->11493 11559->11558 11560 7fff46f90b14 _errno 62 API calls 11559->11560 11560->11555 11579 7fff46f91860 EncodePointer 11561->11579 11581 7fff46f8f3ea GetProcAddress 11580->11581 11582 7fff46f8f403 ExitProcess 11580->11582 11581->11582 11583 7fff46f8f3ff 11581->11583 11583->11582 11585 7fff46f9198e 11584->11585 11586 7fff46f919d6 SetLastError 11584->11586 11596 7fff46f93d20 11585->11596 11586->11505 11589 7fff46f919a3 FlsSetValue 11590 7fff46f919b9 11589->11590 11591 7fff46f919cf 11589->11591 11601 7fff46f918b0 11590->11601 11610 7fff46f8ea24 11591->11610 11597 7fff46f93d45 11596->11597 11599 7fff46f9199b 11597->11599 11600 7fff46f93d63 Sleep 11597->11600 11615 7fff46f97634 11597->11615 11599->11586 11599->11589 11600->11597 11600->11599 11623 7fff46f94488 11601->11623 11611 7fff46f8ea29 HeapFree 11610->11611 11612 7fff46f8ea5b 11610->11612 11611->11612 11613 7fff46f8ea44 11611->11613 11612->11586 11614 7fff46f90b14 _errno 61 API calls 11613->11614 11614->11612 11616 7fff46f97649 11615->11616 11621 7fff46f97666 11615->11621 11617 7fff46f97657 11616->11617 11616->11621 11618 7fff46f90b14 _errno 61 API calls 11617->11618 11620 7fff46f9765c 11618->11620 11619 7fff46f9767e HeapAlloc 11619->11620 
11619->11621 11620->11597 11621->11619 11621->11620 11622 7fff46f92434 _callnewh DecodePointer 11621->11622 11622->11621 11624 7fff46f944b7 EnterCriticalSection 11623->11624 11625 7fff46f944a6 11623->11625 11629 7fff46f943a0 11625->11629 11630 7fff46f943c7 11629->11630 11631 7fff46f943de 11629->11631 11632 7fff46f923e8 _FF_MSGBANNER 60 API calls 11630->11632 11644 7fff46f943f3 11631->11644 11661 7fff46f93ca0 11631->11661 11633 7fff46f943cc 11632->11633 11635 7fff46f92188 _FF_MSGBANNER 60 API calls 11633->11635 11637 7fff46f943d4 11635->11637 11641 7fff46f8f40c malloc 3 API calls 11637->11641 11638 7fff46f94418 11640 7fff46f94488 _lock 60 API calls 11638->11640 11639 7fff46f94409 11642 7fff46f90b14 _errno 60 API calls 11639->11642 11643 7fff46f94422 11640->11643 11641->11631 11642->11644 11645 7fff46f9445b 11643->11645 11646 7fff46f9442e InitializeCriticalSectionAndSpinCount 11643->11646 11644->11624 11654 7fff46f8f758 11644->11654 11649 7fff46f8ea24 free 60 API calls 11645->11649 11647 7fff46f9443d 11646->11647 11648 7fff46f9444a LeaveCriticalSection 11646->11648 11650 7fff46f8ea24 free 60 API calls 11647->11650 11648->11644 11649->11648 11652 7fff46f94445 11650->11652 11653 7fff46f90b14 _errno 60 API calls 11652->11653 11653->11648 11655 7fff46f923e8 _FF_MSGBANNER 62 API calls 11654->11655 11656 7fff46f8f765 11655->11656 11657 7fff46f92188 _FF_MSGBANNER 62 API calls 11656->11657 11658 7fff46f8f76c 11657->11658 11666 7fff46f8f5a0 11658->11666 11663 7fff46f93cc8 11661->11663 11662 7fff46f8ea64 malloc 61 API calls 11662->11663 11663->11662 11664 7fff46f93d00 11663->11664 11665 7fff46f93cdc Sleep 11663->11665 11664->11638 11664->11639 11665->11663 11665->11664 11667 7fff46f94488 _lock 56 API calls 11666->11667 11668 7fff46f8f5ce 11667->11668 11670 7fff46f8f5f5 DecodePointer 11668->11670 11674 7fff46f8f6b6 _amsg_exit 11668->11674 11669 7fff46f8f6ec 11676 7fff46f8f717 11669->11676 11689 7fff46f94388 LeaveCriticalSection 11669->11689 11673 7fff46f8f613 DecodePointer 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: AddressProc$DirectoryLibraryLoadSystem
• String ID: C:\Windows\System32\winhttp.dll$WinHttpAddRequestHeaders$WinHttpCloseHandle$WinHttpConnect$WinHttpCrackUrl$WinHttpGetIEProxyConfigForCurrentUser$WinHttpGetProxyForUrl$WinHttpOpen$WinHttpOpenRequest$WinHttpQueryDataAvailable$WinHttpQueryHeaders$WinHttpReadData$WinHttpReceiveResponse$WinHttpSendRequest$WinHttpSetOption$WinHttpSetTimeouts$WinHttpWriteData$\winhttp.dll
• API String ID: 2141747552-2641374833
• Opcode ID: 089c06d1af091e0c17799c81bbc05d1d6e9c66b6d799a10e10627d5d458f1520
• Instruction ID: 59c0075a7e99d64a5010743800315c724153dce5e4031156e5c0454b4055034e
• Opcode Fuzzy Hash: 089c06d1af091e0c17799c81bbc05d1d6e9c66b6d799a10e10627d5d458f1520
• Instruction Fuzzy Hash: 33A17065A1CB0BE1FA90AB54E958B75A3E2FF48764F405135C9DE826E0FF7CA188C350

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

Nodes (ID: address range, API called):
• 182: 7fff46f920e4-7fff46f9210a, HeapCreate
• 183: 7fff46f9210c-7fff46f92114, GetVersion
• 184: 7fff46f92135-7fff46f92139
• 185: 7fff46f92130
• 186: 7fff46f92116-7fff46f9212a, HeapSetInformation
Edges: 182->183, 182->184, 183->185, 183->186, 185->184, 186->185
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Heap$CreateInformationVersion
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3563531100-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c066b1ed3716f830aa7aa844aad38b7c406109094caa469839ec7538c2cbecee
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0093bc1c3018abbdb8c3004884e129439f259cae978a48aeb1c1e0f1fb4f35b4
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c066b1ed3716f830aa7aa844aad38b7c406109094caa469839ec7538c2cbecee
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46E06535A2D64A82F7857750E845F7992D1FF48724F800038E98E027D8FF3CA1498700

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Mutex$CloseComputerCreateHandleNameObjectOpenReleaseSingleWait
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: 89177680X$89177680X$@
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2538731758-437730881
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b75a245fcc4db60a7c22b380df1f20041864387e75f84945554101cee9a5fa4
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 47a7f3a0f56bdefe1ab58a970eab2dc70fb19e0dbd1f9e9c8f53364dd0f802ff
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b75a245fcc4db60a7c22b380df1f20041864387e75f84945554101cee9a5fa4
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6216D31A1DB4985EB54AB24E81877DB2E1BF48764F415239DAAD42BD5FF3CE415C300

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$AttributesErrorFileLast__doserrno_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2953107838-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a13ef99d504b49b9bbf0a28b1d8e990d7f2e35daf03fec606c9ad08bb2aaff07
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 896fd41e3eb7adaa70ac736e40fb643b4359de5241c7db8a746f417363994a08
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a13ef99d504b49b9bbf0a28b1d8e990d7f2e35daf03fec606c9ad08bb2aaff07
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13011A20E4D60F86FA613EB8C846BB8A1E06F40778F500134DD99862DEFF3D68499A21

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • _lock.LIBCMT ref: 00007FFF46F8F5C9
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F94488: _amsg_exit.LIBCMT ref: 00007FFF46F944B2
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00007FFF46F8F77D,?,?,00000000,00007FFF46F944B7), ref: 00007FFF46F8F5FC
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00007FFF46F8F77D,?,?,00000000,00007FFF46F944B7), ref: 00007FFF46F8F61A
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00007FFF46F8F77D,?,?,00000000,00007FFF46F944B7), ref: 00007FFF46F8F65A
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00007FFF46F8F77D,?,?,00000000,00007FFF46F944B7), ref: 00007FFF46F8F674
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00007FFF46F8F77D,?,?,00000000,00007FFF46F944B7), ref: 00007FFF46F8F684
                                                                                                                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00007FFF46F8F710
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: DecodePointer$ExitProcess_amsg_exit_lock
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3411037476-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 866fdde3aeb45fb6ff685f750e1a44cba022061026c0c0267f05f2bfc3bbcba2
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: bf4be19056c8c445f7fb3f2aa2e8e148a98a29000e21136488a2ed0dff12b3c5
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 866fdde3aeb45fb6ff685f750e1a44cba022061026c0c0267f05f2bfc3bbcba2
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15413A21A2E74A95E650BB11F840929A2E4BF88BE4F044175DACD437E9FF3CE455C700

                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F920E4: HeapCreate.KERNELBASE ref: 00007FFF46F920FA
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F920E4: GetVersion.KERNEL32 ref: 00007FFF46F9210C
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F920E4: HeapSetInformation.KERNEL32 ref: 00007FFF46F9212A
                                                                                                                                                                                                                                                                                                                                                                                                    • _RTC_Initialize.LIBCMT ref: 00007FFF46F8F7B2
                                                                                                                                                                                                                                                                                                                                                                                                    • GetCommandLineA.KERNEL32(?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F8F7B7
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F95064: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F9507D
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F95064: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F950D4
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F95064: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F9510F
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F95064: free.LIBCMT ref: 00007FFF46F9511C
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F95064: FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F95127
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F94924: GetStartupInfoW.KERNEL32 ref: 00007FFF46F94945
                                                                                                                                                                                                                                                                                                                                                                                                    • __setargv.LIBCMT ref: 00007FFF46F8F7E0
                                                                                                                                                                                                                                                                                                                                                                                                    • _cinit.LIBCMT ref: 00007FFF46F8F7F4
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F91888: FlsFree.KERNEL32(?,?,?,?,00007FFF46F8F85E,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F91897
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F91888: DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,00007FFF46F8F85E), ref: 00007FFF46F94333
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F91888: free.LIBCMT ref: 00007FFF46F9433C
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F91888: DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,00007FFF46F8F85E), ref: 00007FFF46F94363
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F93D20: Sleep.KERNEL32(?,?,?,00007FFF46F9199B,?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49), ref: 00007FFF46F93D65
                                                                                                                                                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F8F88E
                                                                                                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FFF46F8F8A2
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F8F8B1
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F8EA24: HeapFree.KERNEL32(?,?,?,00007FFF46F811CB), ref: 00007FFF46F8EA3A
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F8EA24: _errno.LIBCMT ref: 00007FFF46F8EA44
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: free$FreeHeap$ByteCharCriticalDeleteEnvironmentMultiSectionStringsWide$CommandCreateCurrentInfoInformationInitializeLineSleepStartupThreadValueVersion__setargv_cinit_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2481119767-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d8ccd173bbab46f3f01a0f199c202493a8a32a9f1743bcac0781349543db5783
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ae06e8cb44f5277b51ada8a22a979cd3c62ba86db5ac79f9612440be1bd476ea
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8ccd173bbab46f3f01a0f199c202493a8a32a9f1743bcac0781349543db5783
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7311320E0E60F49FBA477A6D505EBDD1D49F543B4F2041B5D9DD451CAFF2CB444A222

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    control_flow_graph 227 7fff46f9f6e0-7fff46f9f6ee 228 7fff46f9f6f0-7fff46f9f6f6 FreeLibrary 227->228 229 7fff46f9f701-7fff46f9f705 227->229 228->229
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 44e75fdb5981195aa820b263a2df1a8e36d949482e952861a1f8c67178d484fc
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ab51a5ae4f31fdd6bb545f3e5a617f4ec9c4f093cc338c644313a6ac4607f9c
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44e75fdb5981195aa820b263a2df1a8e36d949482e952861a1f8c67178d484fc
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CC01228F0EA0BC0EA4ABB81F841B30A2E07F44769F800030C88E82690EF2C20184700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$sprintf_s$ExclusiveLockTime_localtime64rand$AcquireFileReleaseSleepSystem__getgmtimebuf_getptdwcsftimewsprintf
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: %a, %d %b %Y %H:%M:%S GMT$%s: %s$Accept$Accept-Language$Connection$Cookie$GET$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36$User-Agent$close$en-US,en;q=0.5$keep-alive$phpsessid=%s; b=%d; path=/; expires=%s$text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1967353757-3119913440
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1cba5308b3e96e4e14d7076c809d75cc2f7edbf3114475d1624509441a19df38
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 46eb369d5669b2ad775f1d4be6911ebfb18e80b5c12fa9ba3df59c25c4992288
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cba5308b3e96e4e14d7076c809d75cc2f7edbf3114475d1624509441a19df38
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2229272A1CA4686E760EF65E850ABAB3E5FB84764F404135DA8D83AD8FF3CD509D700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3902385426-4171548499
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b947a1b6f806e2107d5d6eced03ba07a35eaeae1a0187ba0dafa7a8d0e8c8e46
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 265635fb6d1eb876a1d634528612bc86e147878fccb001da8a461bf0b52bf40c
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b947a1b6f806e2107d5d6eced03ba07a35eaeae1a0187ba0dafa7a8d0e8c8e46
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F12E522A1C64A86EB20AF25D444B79EBE0FB847A4F544135DACD476D8EF3CF849C710
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96C3D
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96C59
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96C6B
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96C82
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96C8B
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CA2
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CAB
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CC2
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CCB
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CEA
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96CF3
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96D26
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96D36
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96D8C
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96DAD
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F96DC7
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2643518689-564504941
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 768866f79a0a06c0118220a26e8c25f5475b78bc11ff1b0a83067c9d8c5c3efc
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ddd98e1aa8b082e250c267291363e0a53b8404255e3403bf844008839e4b33a4
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 768866f79a0a06c0118220a26e8c25f5475b78bc11ff1b0a83067c9d8c5c3efc
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F51F524B0EB0F90FA95BB51F914975A2E1AF49BA4F15443ACC9E033E8FE3DE5498240
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • _lock.LIBCMT ref: 00007FFF46F9BB2B
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F94488: _amsg_exit.LIBCMT ref: 00007FFF46F944B2
                                                                                                                                                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FFF46F9BB41
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BAB0: _errno.LIBCMT ref: 00007FFF46F9BAB9
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BAB0: _invalid_parameter_noinfo.LIBCMT ref: 00007FFF46F9BAC4
                                                                                                                                                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FFF46F9BB56
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BA50: _errno.LIBCMT ref: 00007FFF46F9BA59
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BA50: _invalid_parameter_noinfo.LIBCMT ref: 00007FFF46F9BA64
                                                                                                                                                                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FFF46F9BB6B
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BA80: _errno.LIBCMT ref: 00007FFF46F9BA89
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9BA80: _invalid_parameter_noinfo.LIBCMT ref: 00007FFF46F9BA94
                                                                                                                                                                                                                                                                                                                                                                                                    • ___lc_codepage_func.LIBCMT ref: 00007FFF46F9BB78
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F9C294: __wtomb_environ.LIBCMT ref: 00007FFF46F9C2C4
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F9BBE9
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F8EA24: HeapFree.KERNEL32(?,?,?,00007FFF46F811CB), ref: 00007FFF46F8EA3A
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F8EA24: _errno.LIBCMT ref: 00007FFF46F8EA44
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F9BC52
                                                                                                                                                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000001,%a, %d %b %Y %H:%M:%S GMT,00007FFF46F9BFA6,?,?,?,?,00007FFF46F99E42), ref: 00007FFF46F9BC65
                                                                                                                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000001,%a, %d %b %Y %H:%M:%S GMT,00007FFF46F9BFA6,?,?,?,?,00007FFF46F99E42), ref: 00007FFF46F9BD1B
                                                                                                                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000001,%a, %d %b %Y %H:%M:%S GMT,00007FFF46F9BFA6,?,?,?,?,00007FFF46F99E42), ref: 00007FFF46F9BD6E
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$_get_daylight_invalid_parameter_noinfo$ByteCharMultiWidefree$FreeHeapInformationTimeZone___lc_codepage_func__wtomb_environ_amsg_exit_getptd_lock
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: %a, %d %b %Y %H:%M:%S GMT
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2790842836-807128940
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b7488d8319ef6a5455d57cc15ad537af662f0e722ebb32a9a089af6c8a5444f6
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3ce2b7b6fadca9ba44d926a11685f1faa156f68570fda1b2f90b363d84576e19
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7488d8319ef6a5455d57cc15ad537af662f0e722ebb32a9a089af6c8a5444f6
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DC1B232A1C28A85E760BF25E541A7BA7D5BF85764F404035DACD53BDAEF3CE4198B00
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
• String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
• API String ID: 2183313154-4022980321
• Opcode ID: 3a9637a2246944ac598f94c70cb25682912a1d5d0f345331b80dd68f35751d4f
• Instruction ID: 8d98a72fbe89a24fca950fc330f20ab1115ff9259292793ffdea0ec978d3ebd3
• Opcode Fuzzy Hash: 3a9637a2246944ac598f94c70cb25682912a1d5d0f345331b80dd68f35751d4f
• Instruction Fuzzy Hash: 2051B421B2C78A41F764FB65E412EBAE2D1AF857A4F440135EEDD42AC9FF3CE5098604
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
• String ID:
• API String ID: 3778485334-0
• Opcode ID: 7279829eba56798d4ff5e094b17861da11b4fc98421f70ed0dab1732fa78f7f8
• Instruction ID: 1a20dbc3757c4ee600240d72b69797bb9c781f4fa5f7f93402fe845f888ff120
• Opcode Fuzzy Hash: 7279829eba56798d4ff5e094b17861da11b4fc98421f70ed0dab1732fa78f7f8
• Instruction Fuzzy Hash: 6431B53591DB4A85EB50AB54F450BAAE3E0FB48764F904036DACD46BA5EF7CE444C740
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
• Opcode ID: 693338b01dabe26b8eb887c175f206988dda9898769ee661acfb6a3e73b80ac2
• Instruction ID: 20470750c0fc707f0046310bb4aedb6f6ca4c620cbc7e2b9202d949921802b2f
• Opcode Fuzzy Hash: 693338b01dabe26b8eb887c175f206988dda9898769ee661acfb6a3e73b80ac2
• Instruction Fuzzy Hash: 1C31213261CB8586DB60DF25E850AAEB3E4FB84768F500135EADD43B99EF38D549CB40
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ConditionInitializeVariable$CreateGuid_errno_invalid_parameter_noinfosprintf
• String ID: %08x%04x%04x%02x%02x%02x%02x%02x%02x%02x%02x
• API String ID: 1685007148-2177902543
• Opcode ID: ef18b3b2041d040ba4d6dd05bdaaf984408b6795fca7383eb706270d7f648222
• Instruction ID: 3c908c1f22b08e374ff37ee05e7cd177aaee152b7081b75d74dc5e2399dcfdd3
• Opcode Fuzzy Hash: ef18b3b2041d040ba4d6dd05bdaaf984408b6795fca7383eb706270d7f648222
• Instruction Fuzzy Hash: 0D51BB22A18AC58AE761DF35D804BED7BE5F745358F440236EA8D83B99EF389614CB00
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: wcsncpy$ErrorLast
• String ID: MYUSERAGENT$h
• API String ID: 689385009-1309023130
• Opcode ID: 030fc64784ccbf2f34255ff59e0e8b22de3a126c8c57b25dddffde9fddd06c22
• Instruction ID: e59ab0a409c9ce918c2847e4350f23f29f551332799a9e2f9e028ea2088be101
• Opcode Fuzzy Hash: 030fc64784ccbf2f34255ff59e0e8b22de3a126c8c57b25dddffde9fddd06c22
• Instruction Fuzzy Hash: 4E517E3270D68A86EB24DB11E814F6AB3E4FF89794F404035DA8D43A98EF3CE418CB00
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: free$Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3493288988-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c5075a907ab7c5e8450978f66f78b4cd1abcef34555d7b196a402fbff9f382f
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: daa5b9cfe0189d52cec261bb97d86b12ec6c026ba3a08bfa74eb3f21ac38145d
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c5075a907ab7c5e8450978f66f78b4cd1abcef34555d7b196a402fbff9f382f
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9318B26B18A4592EB64EF56E140B6DA3F0FB89FA0F084035DF8D13B90EF38E4618700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Time$FileSystem
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2086374402-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9269c4a1ddd35c255c6274a781e11f0e49ccd8af5b8941e538daff74cc060234
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1d64ddf309343a0aa6bdba3ea73d09fb0d49b97322aa9166c4a29eddb302ecee
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9269c4a1ddd35c255c6274a781e11f0e49ccd8af5b8941e538daff74cc060234
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CE09BE2B2994C42EE10EB15E415515A2D1AF14BF4E04A3319E7D0E7D8FF1CC4544700

                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                    control_flow_graph 297 7fff46f9631c-7fff46f9631f 298 7fff46f96709 297->298 299 7fff46f96325-7fff46f96708 call 7fff46f8ea24 * 86 297->299 299->298
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: free$FreeHeap_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2737118440-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 02fea24cbe4ef181fcb7ebd9742047bf452bc0694d6f5ec64ac189b5745458c8
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: edd9df30bda5d52672b1c0bbf73f2725847fecce34256d745c4fb0bd3dad4fa7
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02fea24cbe4ef181fcb7ebd9742047bf452bc0694d6f5ec64ac189b5745458c8
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAA18322A2D58A81EE51FA31D8956FC53B0BF84F54F046172EA8D6A1E7EF14E841E312
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
• API ID: __doserrno_errno$_invalid_parameter_noinfo
• String ID:
• API String ID: 2315031519-0
• Opcode ID: 344336e4242a494b754a63a5933df36b42689ea8d21446a73a02213f3b796cc1
• Instruction ID: 6632dccd11025123c908c7eaa1cb33da164dbe75b6e420126e81499733b230d1
• Opcode Fuzzy Hash: 344336e4242a494b754a63a5933df36b42689ea8d21446a73a02213f3b796cc1
• Instruction Fuzzy Hash: 8222F812A0C68A45E7526F64C440ABCABE1BF41778FD48535CEAE076DAEF3CE409CB01
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _getptd$BlockUnwind$std::exception::exception$BaseEntryExceptionFunctionImageLookupRaiseThrowtype_info::operator==
• String ID: bad exception$csm$csm$csm
• API String ID: 1639654010-820278400
• Opcode ID: 13a2e26053b757fb107597781991372d482037ef1b0ead402d03625bfefcc5f1
• Instruction ID: d927bc11c8dd54b68c0f904dc48e265476745aea92ec68995bd70963de039c94
• Opcode Fuzzy Hash: 13a2e26053b757fb107597781991372d482037ef1b0ead402d03625bfefcc5f1
• Instruction Fuzzy Hash: 9CE17622A0C64A86EB64AB65D040BBEA7E0FF547A4F544135DE8D07BCEEF38E459C701
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: FreeGlobal$wcsncpy
• String ID: ftp=$http=$https=$socks=
• API String ID: 3298634186-181328749
• Opcode ID: b02ea74b1328d8abad4e3ecfc3ee7fc86ed6f101c475278383dbb5d80f1e2690
• Instruction ID: 3f02f44760a2ab2c37f343f1ce9349ec3eb91170497084c9ec060ae76666fc82
• Opcode Fuzzy Hash: b02ea74b1328d8abad4e3ecfc3ee7fc86ed6f101c475278383dbb5d80f1e2690
• Instruction Fuzzy Hash: 20C16C22B0DB0599EB50EBA5D541ABCB3F2AF447A8B000176DE9E57AC8FF38E515C340
APIs
• SetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,00007FFF46F813E6), ref: 00007FFF46F8E096
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,00007FFF46F813E6), ref: 00007FFF46F8E0F7
• SetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,00007FFF46F813E6), ref: 00007FFF46F8E12F
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ErrorLast$InfoNativeSystem
• String ID:
• API String ID: 3902313427-0
• Opcode ID: c634fe4b63528a46d79e83db59a25b3bb4813fbc2a572a94c4a1d7566233c911
• Instruction ID: a7a6c416219b0fd17c42f389a871d4248fc78f1159ef68e19e5b1b0a141780a2
• Opcode Fuzzy Hash: c634fe4b63528a46d79e83db59a25b3bb4813fbc2a572a94c4a1d7566233c911
• Instruction Fuzzy Hash: CDA14932B0DA0A86EB24AB16E554BA9A3E4FB48B98F444575CE8D47BD0FF3CE415D700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                    • Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                    • Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                    • Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                    • Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: free$FreeHeap__free_lconv_mon__free_lconv_num_errno
• String ID:
• API String ID: 2573795696-0
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Similarity
• API ID: _fileno$_errno$_invalid_parameter_noinfo
• String ID:
• API String ID: 482796045-0
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Similarity
• API ID: _getptd$CreateFrameInfo_amsg_exit
• String ID: csm
• API String ID: 2825728721-1018135373
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Similarity
• API ID: free$_errno$EnvironmentVariable__wtomb_environ_invalid_parameter_noinfo
• String ID:
• API String ID: 101574016-0
APIs
• GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFF46F9CAF2), ref: 00007FFF46F9C83B
• MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFF46F9CAF2), ref: 00007FFF46F9C8BA
• MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFF46F9CAF2), ref: 00007FFF46F9C961
• MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFF46F9CAF2), ref: 00007FFF46F9C987
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$Info
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1775632426-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocHeap_callnewh
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1080698880-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2295021086-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3473179607-2766056989
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2315031519-0
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _errno_invalid_parameter_noinfo
• String ID:
• API String ID: 2959964966-0
APIs
Similarity
• API ID: _errno_invalid_parameter_noinfo
• String ID:
• API String ID: 2959964966-0
APIs
Similarity
• API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
• String ID:
• API String ID: 113790786-0
APIs
Strings
Similarity
• API ID: FormatTime$freemalloc
• String ID: a/p$am/pm
• API String ID: 1270501263-3206640213
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$_fileno_getbuf_invalid_parameter_noinfo_isatty
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: {%u;%u;%u;%u}
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2574049805-1208780576
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$BuffersErrorFileFlushLast__doserrno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1845094721-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfowsprintf$CloseHandlerandwprintf
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: %hs$pid=%u sessid=%s
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1264487227-3407781654
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_close_nolock_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 186997739-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$write_char
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1772936973-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno$write_char
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1772936973-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _getptd$_amsg_exit
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2610988583-2671469338
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: free$_amsg_exit_errno_getptd$FreeHeapSleep_lockmalloc
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2578750445-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81A94
                                                                                                                                                                                                                                                                                                                                                                                                    • SleepConditionVariableSRW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81AB1
                                                                                                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81B0B
                                                                                                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81B4B
                                                                                                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81B89
                                                                                                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FFF46F81629), ref: 00007FFF46F81B95
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F81D80: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFF46F81BA3), ref: 00007FFF46F81D94
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$AcquireTime$ConditionFileSleepSystemVariable
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2766941289-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F9507D
                                                                                                                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F950D4
                                                                                                                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F9510F
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F9511C
                                                                                                                                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F95127
                                                                                                                                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFF46F8F7C9,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F95135
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 517548149-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateErrorLastThread_errno_getptd_invalid_parameter_noinfofree
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3283625137-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F91972
                                                                                                                                                                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F91980
                                                                                                                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F919D8
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F93D20: Sleep.KERNEL32(?,?,?,00007FFF46F9199B,?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49), ref: 00007FFF46F93D65
                                                                                                                                                                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,00000000,00007FFF46F90B1D,?,?,?,?,00007FFF46F8EA49,?,?,?,00007FFF46F811CB), ref: 00007FFF46F919AC
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F919CF
                                                                                                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FFF46F919C0
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3106088686-0
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _getptd$CallTranslator_amsg_exit
• String ID: MOC$RCC
• API String ID: 1374396951-2084237596
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _getptd$ExceptionRaise_amsg_exit
• String ID: csm
• API String ID: 4155239085-1018135373
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _errno$_fileno_getbuf_invalid_parameter_noinfo_isatty
• String ID:
• API String ID: 2574049805-0
APIs
• IsBadReadPtr.KERNEL32 ref: 00007FFF46F8DEC6
• realloc.LIBCMT ref: 00007FFF46F8DF25
• IsBadReadPtr.KERNEL32 ref: 00007FFF46F8DFA9
• SetLastError.KERNEL32(?,?,00000057,00000000,00000000,00007FFF46F8E36E,?,?,?,?,?,?,?,00000000,00000000,00007FFF46F813E6), ref: 00007FFF46F8DFCA
• SetLastError.KERNEL32(?,?,00000057,00000000,00000000,00007FFF46F8E36E,?,?,?,?,?,?,?,00000000,00000000,00007FFF46F813E6), ref: 00007FFF46F8DFE8
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ErrorLastRead$mallocrealloc
• String ID:
• API String ID: 3638135368-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a29d5eb80dc60310a9f9f38aa4a5a0afa0360973916dc37747efc8d603d06e32
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ad2892fc19c18576e45c843032c8bd9e185fc86e263acfb0e3a1a2d5fc57ed89
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a29d5eb80dc60310a9f9f38aa4a5a0afa0360973916dc37747efc8d603d06e32
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74412F36608B4987EB60AF16E454A6AB3E0FF58B94F084035DE8E47794EF3CE445E700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$StringTypefreemalloc
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 307345228-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d8ed0a8dd072ffa82ae3d3746bb960ec961ee0d08fdacc0657be2b391dec7353
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5b2210fb53669eea1b0cd185b4c4ed254eb098bd76ad65170772fd1d3138f47f
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8ed0a8dd072ffa82ae3d3746bb960ec961ee0d08fdacc0657be2b391dec7353
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7416022B1D74586FF20AF25D8009A9A2D5FF45BB8F584236EEAD477D9EF38E4058300
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F8F424: _amsg_exit.LIBCMT ref: 00007FFF46F944B2
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000,00007FFF46F8F7F9), ref: 00007FFF46F924D5
                                                                                                                                                                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000,00007FFF46F8F7F9), ref: 00007FFF46F924E5
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F97020: _errno.LIBCMT ref: 00007FFF46F97029
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F97020: _invalid_parameter_noinfo.LIBCMT ref: 00007FFF46F97034
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000,00007FFF46F8F7F9), ref: 00007FFF46F92563
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F93DA4: realloc.LIBCMT ref: 00007FFF46F93DCF
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F93DA4: Sleep.KERNEL32(?,?,00000000,00007FFF46F92553,?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000), ref: 00007FFF46F93DEB
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000,00007FFF46F8F7F9), ref: 00007FFF46F92573
                                                                                                                                                                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FFF46F925C1,?,?,?,?,00007FFF46F8F546,?,?,00000000,00007FFF46F8F7F9), ref: 00007FFF46F92580
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode$Sleep_amsg_exit_errno_invalid_parameter_noinforealloc
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2684694218-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 84aed86439754932b40c97b417b7d4e22af683c5e96b5ec7ef8d8557605d7931
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: aae41032b570e5d20250369abc1f8048e075b552cb9b67ad320ec9991cd65675
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84aed86439754932b40c97b417b7d4e22af683c5e96b5ec7ef8d8557605d7931
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78216D21A1E64A41EA44AB55E954879E3E1BF48BA4B444435DD8E477E9FE3CE489C300
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5dd402e7dd5a24916b00689491a760ab94908bf98c674fbc03155355c263e938
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 34ad650d670b0ff4adb6c2d8d73dea43b5aa71a920eab75f5595744d68ef338e
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dd402e7dd5a24916b00689491a760ab94908bf98c674fbc03155355c263e938
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21016525A1DB0981E7509F21F450665A7E0FB49BA4F446530DEEE477E4FF7CD8998300
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c2829b9add27e68880936c27563a62a597c208177097d132eebeae33d8d35fa2
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ff4641bf2b1a38016c3452c3b17bfb7304377c4252fe279af9f6e746f1de2ac3
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2829b9add27e68880936c27563a62a597c208177097d132eebeae33d8d35fa2
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B01D161E2DB4E40FE453F14C881B78E1E19F51B75F514334D9AD023EAEF3CA8098210
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: Time$FileSystemsprintf
• String ID: del_base${%u;%u;%u;%u}
• API String ID: 3019811310-3142518158
• Opcode ID: 57a50faf89e887594cf2666595ead34838b3f12eb5797fa761e52d261fda3392
• Instruction ID: 1cbcb1dceb605e850b6db22629f4a22662e629c01ec52589d62a3a755ab46644
• Opcode Fuzzy Hash: 57a50faf89e887594cf2666595ead34838b3f12eb5797fa761e52d261fda3392
• Instruction Fuzzy Hash: 8CB18E62B0CB8A86EB20EB55D040B69B7E1FB84BA4F495175CB8D07BD5EF38E850D740
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _errno$_getptd_invalid_parameter_noinfo
• String ID: #
• API String ID: 2372577547-1885708031
• Opcode ID: 4c803c89b989c7b7e0ea2dbbfbcbdf76bdcb6d3ec2fa5f36dd22b6bc8ddb8692
• Instruction ID: f213d43180d4eebf4f2f7e3a19797bd116646d190265d91df5f48702c0c93b74
• Opcode Fuzzy Hash: 4c803c89b989c7b7e0ea2dbbfbcbdf76bdcb6d3ec2fa5f36dd22b6bc8ddb8692
• Instruction Fuzzy Hash: D6419E22B18B6985EB519F61D840AAC73F4FB44BA8F085131EE9D1779CEF39D485C700
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _errno_getptd_invalid_parameter_noinfoiswctype
• String ID: A$Z
• API String ID: 3686281101-4098844585
• Opcode ID: b96a0efcaf7e77b217d1ba30405e17d936c8cad5d057729c4568402b350d08e6
• Instruction ID: 141f0ff35e28c0e4380f63467a7f0acf71f87c1de75c8d85e2c1cf8aa3993dc1
• Opcode Fuzzy Hash: b96a0efcaf7e77b217d1ba30405e17d936c8cad5d057729c4568402b350d08e6
• Instruction Fuzzy Hash: 65218462E2C69B81FB607B19D14057AF6E1EB40BB5F544136EADD076CCEE6CE845C700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _callnewh_errno$AllocHeapmallocstd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2837191506-2104205924
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 566e9167ae8b9539d6561ead0f2cd7013889d063f5b658b15b0c97262b363f9e
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ca8536aaf85df0fe6206d9867019f8fa58b8703ef059d4c3ea7ffd36d00241c7
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 566e9167ae8b9539d6561ead0f2cd7013889d063f5b658b15b0c97262b363f9e
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0010921A2D70F91EA10BB50E8518B4E3E0AF547A4F841435D9CE466DAFF7CE148D700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FFF46F8F419,?,?,00000028,00007FFF46F8EAAD,?,?,00000000,00007FFF46F93CD0,?,?,?,00007FFF46F94401), ref: 00007FFF46F8F3DF
                                                                                                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,000000FF,00007FFF46F8F419,?,?,00000028,00007FFF46F8EAAD,?,?,00000000,00007FFF46F93CD0,?,?,?,00007FFF46F94401), ref: 00007FFF46F8F3F4
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1646373207-1276376045
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 91af30c4d3319fc00a4e6d116f66ef512e0fcfe258f5c2c9b857530467563277
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 42e6d4f2f73750fead92181bc11d56cebefe06a8972f9e0b9a0051c26ca7d165
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91af30c4d3319fc00a4e6d116f66ef512e0fcfe258f5c2c9b857530467563277
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61E0EC11F1E60A41EE996B51F88493492D07F98764B48503DCC9E063D0FF2CA58A8350
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errnofree$AllocHeap_callnewhmalloc
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: new_base
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2142906625-878267068
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ad998a30cc51099a3804df74743fe7087f893f0ca513fd8fd56c1c36f8dd7e4e
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b79d425a635488294d5a50738994333aa5647b18c1ea6c9e3f0c1df1d56ac3d
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad998a30cc51099a3804df74743fe7087f893f0ca513fd8fd56c1c36f8dd7e4e
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A271B922B09B8699EB10EF20E4006ACB7E1FB45BA8F444675DEAD57BC9EF38D514D340
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 27599310-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1f4a9fdcff9491a6ca6a44612e26895dc1c8bbd5d54b1e4fa4ea1c57d00061d1
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9620f0cd13a50c1ce5e7b64ee291ea2c80209bc6640506e9f84e5e5fd0acf7f9
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f4a9fdcff9491a6ca6a44612e26895dc1c8bbd5d54b1e4fa4ea1c57d00061d1
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C51A171E0C74E82EA69AB15E440A3AE6E1FFA6764F144035D9DE426DCFF3CE849C601
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _getptd$BaseImage_amsg_exit
• String ID:
• API String ID: 2306399499-0
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _errno_invalid_parameter_noinfo$_fileno_getbuf
• String ID:
• API String ID: 3036866907-0
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: Time_getptdrand$FileSystem
• String ID: =$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
• API String ID: 280472390-3479341523
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: CriticalDeleteSection_amsg_exit_lockfclosefree
• String ID:
• API String ID: 594724896-0
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _amsg_exit$_getptd_lockfree
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2148533958-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4d6b03d44c4c67d00ed8515362eab3f797169f50b720ffef422e720dbaec7834
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d4e2cdda3acdcb9c15f076b6337030f2cdc504da8ed27f6edb05b30e675b9cee
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d6b03d44c4c67d00ed8515362eab3f797169f50b720ffef422e720dbaec7834
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D114221A1D64985EB94AB10D440FB8F2E5FB447A8F480035DE9E033D9EF2CE554C704
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • FlsFree.KERNEL32(?,?,?,?,00007FFF46F8F85E,?,?,?,?,?,?,?,00007FFF46F944B7), ref: 00007FFF46F91897
                                                                                                                                                                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,00007FFF46F8F85E), ref: 00007FFF46F94333
                                                                                                                                                                                                                                                                                                                                                                                                    • free.LIBCMT ref: 00007FFF46F9433C
                                                                                                                                                                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,00007FFF46F8F85E), ref: 00007FFF46F94363
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CriticalDeleteSection$Freefree
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1250194111-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: eed86e4e209809e761de7d150bccde48ec8adde1cd3c40176633e2f627cb624c
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: af6eb82d07ed179657e33cf735dab893ed65f4c809f70bf8d1212c2dc778cc81
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eed86e4e209809e761de7d150bccde48ec8adde1cd3c40176633e2f627cb624c
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2113031E0D64A86E754AF21E441A78E2E0EF54BB4F980230DAAD026D8EE3CE4959700
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Thread$CurrentErrorExitLast_freefls
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 217443660-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 378f8d9af723f39507e9d17c481a69f64c4023606434bb25e89adc674c1c2bba
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 91f3c4e4c992e9167404fb1e3c0f90c4bfca720f61f2b36b4a9acc3b23bebf6a
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 378f8d9af723f39507e9d17c481a69f64c4023606434bb25e89adc674c1c2bba
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09011D25E0DB4A45EB08BB71D409AACA2D4AF09BE8F144470C99D473D6FE2CA4089310
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _amsg_exit_getptd$_lock
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3670291111-0
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1f40494590032e16d9c1af93dc6f1a6f294c7d1ae740e603aac16b498922a896
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 315a46935e2ee1a0402e67ba2df013e395bd7e1f80a9178fdf2bb6d06332f2d5
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f40494590032e16d9c1af93dc6f1a6f294c7d1ae740e603aac16b498922a896
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3F01D15E0D14A82FB58FB61C882FB8A6E5EF54760F494538DAAC073DAFF1CA848D311
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _amsg_exit_getptd
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 4217099735-3733052814
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 06c151ba64b355ae3a242742025a8726b25498313d6d2c80856f3fe6b294d7d9
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 44adfe7f5265724a105e7aeb770731e8db96e8b176814c7d7ff9fcd00e34169d
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06c151ba64b355ae3a242742025a8726b25498313d6d2c80856f3fe6b294d7d9
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB518022A0C75586EB64AE25D444B7AB6E0BF44BA4F084135DACD47BCDEF3CE458CB01
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    • swscanf.LIBCMT ref: 00007FFF46F81CCE
                                                                                                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00007FFF46F829F0: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,00000000,?,00007FFF46F81D27), ref: 00007FFF46F82AA3
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: Time$FileSystemfreemallocswscanf
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: {${%u;%u;%u;%u}
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2136266423-2630568404
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2b3079c04be3d1a50b5845255aa5bf8f24c7fbc24c4052859032beacf9c559f8
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 33871072ff55c8fe82f495c4e34ad011a19c4cb26c70cbdcceeb05bb0e964d3c
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b3079c04be3d1a50b5845255aa5bf8f24c7fbc24c4052859032beacf9c559f8
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E41A432F1CA4A89E720EBB0E400ABCB7E1EB59758F044675EA9C57B89EF389510D750
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3186804695-3733052814
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 71f522b27e70999e5c48e669f58a227cc67f96278429a5b87a9b2d93fb727172
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 69d681e3b4a72dc3776ec77a6aa2cd3819c9a2cad552f2b1e7101ae42b2d7c60
                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71f522b27e70999e5c48e669f58a227cc67f96278429a5b87a9b2d93fb727172
                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5314173509708CADB609F26C0806A83BB5F758BACF8A1234E68C0BB98DB35D8C4C744
                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                                                    • String ID: I
                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2959964966-3707901625
APIs
Strings
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: _getptd
• String ID: csm
• API String ID: 3186804695-1018135373
APIs
Memory Dump Source
• Source File: 0000001E.00000002.1753808900.00007FFF46F81000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFF46F80000, based on PE: true
• Associated: 0000001E.00000002.1753754489.00007FFF46F80000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754333181.00007FFF46FA0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754526564.00007FFF46FA8000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000001E.00000002.1754657261.00007FFF46FAC000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_30_2_7fff46f80000_rundll32.jbxd
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0